CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

Posted on By CWS

Aug 14, 2025Ravie LakshmananVulnerability / Community Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Wednesday added two safety flaws impacting N-able N-central to its Identified Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation.
N-able N-central is a Distant Monitoring and Administration (RMM) platform designed for Managed Service Suppliers (MSPs), permitting prospects to effectively handle and safe their shoppers’ Home windows, Apple, and Linux endpoints from a single, unified platform.
The vulnerabilities in query are listed under –

CVE-2025-8875 (CVSS rating: N/A) – An insecure deserialization vulnerability that would result in command execution
CVE-2025-8876 (CVSS rating: N/A) – A command injection vulnerability through improper sanitization of person enter

Each shortcomings have been addressed in N-central variations 2025.3.1 and 2024.6 HF2 launched on August 13, 2025. N-able can also be urging prospects to ensure that multi-factor authentication (MFA) is enabled, notably for admin accounts.

“These vulnerabilities require authentication to take advantage of,” N-able stated in an alert. “Nonetheless, there’s a potential threat to the safety of your N-central atmosphere, if unpatched. You will need to improve your on-premises N-central to 2025.3.1.”
It is at the moment not identified how the vulnerabilities are being exploited in real-world assaults, in what context, and what’s the scale of such efforts. The Hacker Information has reached out to N-able for remark, and we are going to replace the story if we hear again.
In gentle of energetic exploitation, Federal Civilian Govt Department (FCEB) companies are advisable to use the required fixes by August 20, 2025, to safe their networks.
The event comes a day after CISA positioned two-year-old safety flaws affecting Microsoft Web Explorer and Workplace within the KEV catalog –

CVE-2013-3893 (CVSS rating: 8.8) – A reminiscence corruption vulnerability in Microsoft Web Explorer that enables for distant code execution
CVE-2007-0671 (CVSS rating: 8.8) – A distant code execution vulnerability in Microsoft Workplace Excel that may be exploited when a specifically crafted Excel file is opened to attain distant code execution

FCEB companies have time until September 9, 2025, to replace to the most recent variations, or discontinue their use if the product has reached end-of-life (EoL) standing, as is the case with Web Explorer.

The Hacker News Tags:, , , , , , ,

Related Posts

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access The Hacker News
Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More The Hacker News
How to Browse the Web More Sustainably With a Green Browser How to Browse the Web More Sustainably With a Green Browser The Hacker News
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence The Hacker News
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections The Hacker News
Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More The Hacker News