The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws affecting N-Abable N-Central to its known Exploited Vulnerabilities (KEV) catalogue, citing evidence of aggressive exploitation.
N-Able N-Central is a remote monitoring and management (RMM) platform designed for managed service providers (MSPs), allowing customers to efficiently manage and secure clients’ Windows, Apple and Linux endpoints from a single unified platform.
The vulnerabilities in question are listed below –
CVE-2025-8875 (CVSS score: N/A) – Unstable desertion vulnerability that could lead to command execution CVE-2025-8876 (CVSS score: N/A) – Command injection vulnerability due to inappropriate disinfection of user input
Both drawbacks are addressed in N-Central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-ABLE encourages customers to enable Multifactor Authentication (MFA) especially for managed accounts.
“These vulnerabilities require authentication to take advantage of,” N-Able said in an alert. “However, for security in an n-central environment, N-Central must be upgraded to 2025.3.1.”
Currently, we don’t know how vulnerabilities are being exploited in real-world attacks, in what context, and what the scale of such efforts is. Hacker News has reached out to n-able for comments and will update the story if there is a reply.
In light of active exploitation, a Federal Private Enforcement Division (FCEB) agency is recommended to apply necessary modifications to ensure the network by August 20, 2025.
The development is the day after CISA placed two years ago security flaws affecting Microsoft Internet Explorer and Office in the KEV catalog –
CVE-2013-3893 (CVSS score: 8.8) – Microsoft Internet Explorer memory corruption vulnerability that enables remote code execution CVE-2007-0671 (CVSS score: 8.8) – Microsoft Office Excel remote code execution vulnerability when realizing a remote code file that enables special code files
The FCEB agency will have time until September 9, 2025 to update to the latest version or discontinue use if the product reaches end-of-life (EOL) status, as in the case of the product in Internet Explorer.
Source link
