The US Cybersecurity and Infrastructure Security Agency (CISA) on 13 August 2025 added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients' Windows, Apple, and Linux endpoints from a single, unified platform.[1]
The vulnerabilities in question are listed below -
- CVE-2025-8875 (CVSS score: N/A) - An insecure deserialization vulnerability that could lead to command execution
- CVE-2025-8876 (CVSS score: N/A) - A command injection vulnerability via improper sanitization of user input
Both shortcomings have been addressed in N-central versions 2025.3.1 and 2024.6 HF2 released on 13 August 2025. N-able is also urging customers to make sure that multi-factor authentication (MFA) is enabled, particularly for admin accounts.
"These vulnerabilities require authentication to exploit," N-able said in an alert. "However, there is a potential risk to the security of your N-central environment, if unpatched. You must upgrade your on-premises N-central to 2025.3.1."
It is currently not known how the vulnerabilities are being exploited in real-world attacks, in what context, and what is the scale of such efforts. Two critical vulnerabilities were identified within the N-able N-central solution which require authentication to exploit and could allow a threat actor to elevate their privileges and maliciously use N-central if not patched. Analyst acted quickly to release a hotfix to address these vulnerabilities, which we have communicated to all N-central customers. Their security investigations have shown evidence of this type of exploitation in a limited number of on-premises environments. Researchers have not seen any evidence of exploitation within N-able hosted cloud environments. Its commitment to security and transparency will continue; analysts have reserved two CVEs (CVE-2025-8875, CVE-2025-8876) that relate to this hotfix which they will release in the coming weeks. They will update customers with any additional information that becomes available as our investigation continues into this matter.
Considering active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by 20 August 2025, to secure their networks.
The development comes a day after CISA placed two-year-old security flaws affecting Microsoft Internet Explorer and Office in the KEV catalog -
- CVE-2013-3893 (CVSS score: 8.8) - A memory corruption vulnerability in Microsoft Internet Explorer that allows for remote code execution
- CVE-2007-0671 (CVSS score: 8.8) - A remote code execution vulnerability in Microsoft Office Excel that can be exploited when a specially crafted Excel file is opened to achieve remote code execution
FCEB agencies have time till 09 September 2025, to update to the latest versions, or discontinue their use if the product has reached End-of-Life (EoL) status, as is the case with Internet Explorer.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html
Comments