CISA Adds Two N-able N-central Vulnerabilities to Exploited Threats List


Aug 14, 2025 | Ravie Lakshmanan | Vulnerability / Network Security

New Security Vulnerabilities Discovered in N-able N-central

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding two concerning vulnerabilities found in N-able N-central, a platform that supports Remote Monitoring and Management (RMM) for Managed Service Providers (MSPs). This action indicates there is ongoing active exploitation of these flaws.

What is N-able N-central?

N-able N-central serves as an integral tool for MSPs, allowing them to manage and secure various client endpoints, which include devices running Windows, macOS, and Linux, all from a central interface. This capability streamlines operations and enhances client security, making the recent discovery of vulnerabilities within the platform a critical concern for MSPs and their clients alike.

Identified Vulnerabilities

CISA has highlighted the following vulnerabilities:

  • CVE-2025-8875: This is an insecure deserialization vulnerability that poses the risk of allowing command execution.
  • CVE-2025-8876: This vulnerability stems from improper input sanitization, leading to potential command injection.

These vulnerabilities were documented in detail because, if not promptly addressed, they could greatly undermine the security infrastructure of any organization using N-central.

Swift Remedial Actions Taken

N-able has made updates available in the form of new versions—2025.3.1 and 2024.6 HF2—released on August 13, 2025. Users are strongly encouraged to install these upgrades to protect their systems from potential threats. Furthermore, N-able advises all customers to enable multi-factor authentication (MFA), especially for administrative accounts, to enhance security.

In a statement, N-able noted, "These vulnerabilities require authentication to exploit. However, unpatched systems still face significant risks." This acknowledgment underscores the importance of prompt action in maintaining system integrity.

Exploit Context and Investigation Findings

As of now, it remains unclear exactly how these vulnerabilities have been exploited in real-world scenarios. N-able's investigation is ongoing, and the company has indicated that the exploitation appears to be occurring in a limited number of on-premises environments. It clarified that there is no evidence suggesting these vulnerabilities are being exploited in N-able’s cloud-hosted environments.

A representative from N-able commented to The Hacker News, stating that while the vulnerabilities reveal significant risk, timely communication and updates have been issued to all customers. The company remains committed to transparency as the investigation progresses.

Recommendations for Federal Agencies

Given the active exploitation concerns, it is recommended that Federal Civilian Executive Branch (FCEB) agencies implement the necessary fixes by August 20, 2025. This proactivity is crucial for safeguarding their networks against potential breaches.

Previous Vulnerabilities Listed by CISA

In a related note, CISA has also recently added two older vulnerabilities affecting Microsoft Internet Explorer and Office to the KEV catalog. These are:

  • CVE-2013-3893: A memory corruption issue in Internet Explorer leading to remote code execution, with a CVSS score of 8.8.
  • CVE-2007-0671: A similar remote code execution vulnerability in Microsoft Office Excel, also carrying a CVSS score of 8.8.

FCEB agencies are given until September 9, 2025, to update these products or discontinue their use, particularly since Internet Explorer has reached end-of-life status.

(Note: The story has been updated to reflect N-able’s recent response.)
