Improper Input Validation in N-able N-central Software
CVE-2025-8876
Key Information:
Badges
What is CVE-2025-8876?
A vulnerability in N-able N-central allows attackers to perform OS Command Injection due to improper input validation. This issue affects versions of N-central released before 2025.3.1, posing a risk for systems utilizing these versions. Implementing the latest updates is crucial for remediation and maintaining system integrity.
CISA has reported CVE-2025-8876
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-8876 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
N-central 0 < 2025.3.1
News Articles
Over 800 N-able servers left unpatched against critical flaws
Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week.
22 hours ago
CISA warns of N-able N-central flaws exploited in zero-day attacks
CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able's N-central remote monitoring and management (RMM) platform.
5 days ago
References
EPSS Score
20% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 📰
First article discovered by BleepingComputer
Vulnerability published
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability Reserved