Remote Code Execution Vulnerability in N-central Software Probe by N-able

CVE-2025-11367

What is CVE-2025-11367?

CVE-2025-11367 is a remote code execution vulnerability found in the N-central Software Probe developed by N-able. This software is primarily used in remote monitoring and management of IT systems, enabling service providers to efficiently handle various aspects of IT administration. The vulnerability arises from unsafe deserialization practices present in versions earlier than 2025.4, allowing malicious actors to execute arbitrary code remotely. The potential exploitation of this vulnerability could severely disrupt operations within an organization, leading to unauthorized access to sensitive data, system integrity compromise, and the ability to deploy other malicious software, including ransomware.

Potential impact of CVE-2025-11367

1. Unauthorized Remote Access: The vulnerability allows attackers to gain control over affected systems remotely, which they could exploit to access sensitive information, alter configurations, or execute unauthorized commands.

2. System Compromise: Successful exploitation can lead to full systemic takeover, enabling attackers to install malware, disrupt services, or steal critical data, significantly impacting business continuity and integrity.

3. Widespread Malware Distribution: Given the nature of the vulnerability, there is a high risk of enabling the delivery of various forms of malware, including ransomware, thereby increasing the threat landscape for organizations that rely on the affected software.

References