Deserialization Vulnerability in N-able N-central Software
CVE-2025-8875

9.4 CRITICAL

Key Information:

Vendor

N-able

Status
Vendor
CVE Published: 14 August 2025

Badges

Trending now, Trended, Score: 1,950, Exploit Exists, EPSS 10%, CISA Reported, News Worthy

What is CVE-2025-8875?

CVE-2025-8875 is a deserialization vulnerability in N-able N-central, software used for remote monitoring and management, particularly by IT service providers. It allows local execution of code when untrusted data is deserialized, potentially enabling an attacker to execute malicious code on the affected system. Organizations relying on N-able N-central could face severe risks if it is exploited, including unauthorized access to sensitive systems, disruption of services, and data breaches. Versions of N-central prior to 2025.3.1 are affected, so users should update to the latest version to mitigate the risk.

Potential impact of CVE-2025-8875

  1. Unauthorized Code Execution: The vulnerability permits local execution of arbitrary code, allowing attackers to run malicious programs on the compromised system, which could lead to full control over the device.

  2. Data Breaches: Successful exploitation could allow malicious actors to access, manipulate, or steal sensitive data within the organization, resulting in significant privacy and data protection issues.

  3. Service Disruption: Compromised systems may be rendered inoperative, resulting in downtime for services provided through N-central, which could have cascading effects on business operations and client trust.

CISA has reported CVE-2025-8875

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-8875 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

N-central 0 < 2025.3.1

News Articles

Over 800 N-able servers left unpatched against critical flaws

Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week.

19 hours ago

CISA warns of N-able N-central flaws exploited in zero-day attacks

CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N-able's N-central remote monitoring and management (RMM) platform.

5 days ago

References

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability started trending

  • First article discovered by BleepingComputer

  • Vulnerability published

  • Exploit known to exist

  • CISA Reported

  • Vulnerability Reserved
