N-able Releases Critical Security Update for N-central

Updates address two vulnerabilities that have been added to the Known Exploited Vulnerabilities Catalog

Threat ID:: CC-4692
Threat Severity:: Medium
Published:: 14 August 2025 1:52 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Updates address two vulnerabilities that have been added to the Known Exploited Vulnerabilities Catalog

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 2025.3.1

N-able N-central

Threat details

Introduction

N-able has released a critical security update for N-central, a remote monitoring and management (RMM) platform used to manage, secure, and automate IT environments. The two vulnerabilities have been given the CVE designation of CVE-2025-8875 and CVE-2025-8876, and can be exploited by an authenticated attacker.

The US Cybersecurity and Infrastructure Agency (CISA) have added CVE-2025-8875 and CVE-2025-8876 to its Known Exploited Vulnerability Catalog with the following information:

CVE-2025-8875 - N-able N-central Insecure Deserialization Vulnerability
CVE-2025-8876 - N-able N-central Command Injection Vulnerability

N-able state that the details of the CVEs will be published 3 weeks after the update release.

Exploitation of vulnerabilities CVE-2025-8875 and CVE-2025-8876

CISA has added CVE-2025-8875 and CVE-2025-8876 to its Known Exploited Vulnerability Catalog based on evidence of active exploitation.

Remediation advice

Affected organisations are encouraged to review N-able's advisory Announcing the GA of N-central 2025.3.1 and apply the update.

Definitive source of threat updates

https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/

CVE Vulnerabilities

Status Reserved

CVE-2025-8875

Status Reserved

CVE-2025-8876

Last edited: 14 August 2025 2:09 pm