What’s new: CISA has added two vulnerabilities affecting N-able N-central to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. The vulnerabilities are CVE-2025-8875, an insecure deserialization flaw that could lead to command execution, and CVE-2025-8876, a command injection vulnerability due to improper sanitization of user input. Both vulnerabilities have been addressed in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025.
Who’s affected
Organizations using N-able N-central, a Remote Monitoring and Management platform for Managed Service Providers (MSPs), are at risk if they have not updated to the latest versions.
What to do
- Upgrade N-central to version 2025.3.1 or 2024.6 HF2 to mitigate the vulnerabilities.
- Ensure multi-factor authentication (MFA) is enabled for admin accounts.
- Federal Civilian Executive Branch (FCEB) agencies should apply the necessary fixes by August 20, 2025.
