Product and affected versions
N-able N-central — a Remote Monitoring and Management (RMM) platform used by Managed Service Providers (MSPs) for managing Windows, Apple, and Linux endpoints.
Severity and CVE ID
- CVE-2025-8875: Insecure deserialization vulnerability (potential for command execution).
- CVE-2025-8876: Command injection via improper sanitization of user input.
- Severity: Both are labeled as critical, given the active exploitation and potential for remote code execution.
How attacks work
- Both vulnerabilities are exploitable only by authenticated users, which raises the bar, but they remain dangerous, especially in multi-tenant MSP environments.
- Active Exploitation: CISA added both to its Known Exploited Vulnerabilities (KEV) catalog on August 13, 2025, citing evidence of exploitation in the wild.
- Zero-day possibility: Reports suspect that exploitation began before public disclosure of the flaws.
- Scope: N-able reports that a limited number of on-premises deployments have been impacted; no evidence so far in N-able’s hosted/cloud environments.
Remediations
- Apply the hotfix/update immediately: Upgrade on-premises N-central systems to 2025.3.1 or apply 2024.6 HF2, as released on August 13, 2025.
- Enable Multi-Factor Authentication (MFA), especially for administrative accounts, to help mitigate risks, since exploitation requires authentication.
Reference
- The Hacker News article “CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog” by Ravie Lakshmanan, dated August 14, 2025.
- CISA’s KEV catalog entries for CVE-2025-8875 and CVE-2025-8876.


