Session ID Generation Vulnerability in N-central by N-able
CVE-2025-9316

6.9MEDIUM

Key Information:

Vendor: N-able
Status: N-central
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-9316?

An issue in N-central prior to version 2025.4 allows for the generation of session IDs for unauthenticated users. This creates a security risk, as malicious actors could exploit this flaw to gain unauthorized access to sensitive user sessions, potentially compromising user data and system integrity. It is essential for users of N-central to upgrade to version 2025.4 or later to mitigate this vulnerability and protect their systems.

Affected Version(s)

N-central Linux 0 < 2025.4

References

https://me.n-able.com/s/security-advisory/aArVy0000000rdp...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Aug 21, 2025

JSON