XML External Entities Injection Vulnerability in N-central by N-able
CVE-2025-11700

8.4HIGH

Key Information:

Vendor: N-able
Status: N-central
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-11700?

N-central versions earlier than 2025.4 are susceptible to an XML External Entities (XXE) injection, which can result in unauthorized information disclosure. This vulnerability allows attackers to exploit the application's ability to parse XML inputs, potentially leading to access to sensitive data. Proper validation and sanitization of XML data inputs can mitigate these risks, ensuring the security of the application.

Affected Version(s)

N-central 0 < 2025.4

References

https://me.n-able.com/s/security-advisory/aArVy0000000rab...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Oct 13, 2025

JSON