XML External Entities Injection Vulnerability in N-central by N-able
CVE-2025-11700

8.4 HIGH

Key Information:

Vendor

N-able

Status
Vendor
CVE Published:
12 November 2025

What is CVE-2025-11700?

CVE-2025-11700 is an XML External Entities (XXE) injection vulnerability in N-central, N-able's software product for IT management and service delivery. It affects N-central versions prior to 2025.4 and allows attackers to manipulate XML input to extract sensitive information from the server. The result is unauthorized data exposure that can compromise the confidentiality of the organization's data. Because IT management systems often hold critical business and user data, successful exploitation can pose serious risks to an organization, including data breaches and erosion of customer trust.

Potential impact of CVE-2025-11700

  1. Information Disclosure: Exploiting this vulnerability can enable attackers to retrieve sensitive information, such as system files or user credentials, leading to potential data breaches.

  2. Increased Attack Surface: Organizations running outdated versions of N-central may find themselves more vulnerable to other attacks, as the information disclosed through this vulnerability can facilitate further exploits.

  3. Reputational Damage: A significant data breach resulting from this vulnerability can severely impact an organization’s reputation, leading to loss of customer confidence and financial repercussions.

Affected Version(s)

N-central 0 < 2025.4

EPSS Score

65% chance of being exploited in the next 30 days.

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
