A short time ago, Galactic Advisors, a cybersecurity firm specializing in managed service provider (MSP) defense, discovered critical vulnerabilities in Kaseya’s Network Detective tool.
Kaseya and Galactic partner to quickly address vulnerabilities
Kaseya, a global provider of AI-powered IT management and cybersecurity software, worked closely with Galactic to identify and resolve two vulnerabilities in the tool. The software provider acted quickly upon notification, validated the findings, and deployed security updates. The vulnerabilities were discovered during routine security research by Galactic Advisors’ team.
“At Galactic, our mission is to help MSPs avoid cyber liability. This means holding the tools they rely on to the highest security standards,” said Bruce McCully, CEO of Galactic Advisors. “We’re proud of our team’s diligence and of Kaseya’s willingness to engage transparently and take immediate action.”
The two issues are publicly listed in the MITRE CVE database now:
- CVE-2025-32353 – Passwords in Cleartext: Network Detective stored sensitive credentials, including those for privileged and administrative accounts, in unprotected plaintext files on local machines. A threat actor with access to the system could have easily accessed the files.
- CVE-2025-32874 – Reversible Encryption: The tool used a predictable, static encryption method for storing credentials, allowing threat actors to decrypt and expose sensitive data.
Vulnerabilities in MSP environments: Kretsinger on the importance of risk assessments
Channel Insider recently spoke with Cody Kretsinger, Principal Security Advisor at Galactic Advisors, about the discovered vulnerabilities and how MSPs should reevaluate vendor trust and dependency.
“When it comes to looking into any tool– and that doesn’t matter if it’s a security tool or otherwise– every organization has to go through some sort of risk assessment depending on the level of access or what the tool does,” said Kretsinger. “You have to weigh the likelihood versus the impact regarding that tool itself.”
Kretsinger said that Galactic has a vendor checklist to ensure that organizations cover all their bases when evaluating new tools for the security stack or any other aspect of an MSP. Galactic is working to deliver a high-quality product to partners, reducing liability, while also ensuring that the channel as a whole is as secure as possible.
“MSPs do have a right to have the best quality products given to them, including on the security side,” Kretsinger said. “The benefit of being a security researcher and working in the channel is that we get to analyze everyone out there. As we discover flaws as we did with this particular product, then we use Responsible Disclosure to make sure that at the end of the day all tides rise if everybody is rowing in the same direction.”
Balancing trust and verification
According to Kretsinger, when it comes to any tool, every organization should conduct a risk assessment, depending on the level of access or the tool’s functionality.
Risk assessments are one of the only ways to really assess the security versus the impact on those products.
“Risk assessment is one piece of it that’s an incredibly important piece of what an MSP really needs to do on an ongoing basis,” said Kretsinger. “The other key component is going to be vendor relationships. Being able to have those relationships with your vendor so that if something occurs– or really when something occurs– everybody’s going to be impacted by something security related eventually.”
When that incident occurs, having established relationships between the vendor and customer ensures that communication, support, updates, and transparency are readily available.
The proliferation of AI throughout the channel has opened up new opportunities for threat actors to infiltrate MSPs. Read more about how Trend Micro is leveraging AI to proactively enhance its cybersecurity posture.