What is CVE-2014-125113?

CVE-2014-125113 is a vulnerability in Dell/quest Kace K1000 Systems Management Appliance, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-05.

Is CVE-2014-125113 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Dell/quest Kace K1000 Systems Management Appliance

CVE-2014-125113

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can u…

Vulnerability class: Unrestricted File Upload

EPSS: 0.766 (99.0th percentile) — read the EPSS interpretation.

Affected products

Dell/quest Kace K1000 Systems Management Appliance — versions 5.5, 5.0, 5.4

Weakness classification (CWE)

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
console-cowboys.blogspot.com/2014/03/the-curious-case-of-ninjamonkeypiratela.ht… (technical-description, exploit)
www.exploit-db.com/exploits/39693 (exploit)
www.vulncheck.com/advisories/dell-quest-kace-k1000-unauth-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2014-125113?: CVE-2014-125113 is a vulnerability in Dell/quest Kace K1000 Systems Management Appliance, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-05.
Is CVE-2014-125113 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.