- Description
- Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
- Source
- a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
- NVD status
- Analyzed
- Products
- n-central
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- N-able N-Central Command Injection Vulnerability
- Exploit added on
- Aug 13, 2025
- Exploit action due
- Aug 20, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities More than 870 N-able N-central instances have not been patched against CVE-2025-8875 and CVE-2025-8876, two exploited vulnerabilities. The post Hundreds of N-able N-central Instances Affected by Expl...
@SecurityAid
25 Nov 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Attacks Exploiting N-able Vulnerabilities CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched. The post CISA Warns of Attacks Exploiting N-able Vulnerabilities appeared first on Secu...
@SecurityAid
21 Nov 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ N-central Zero-Day Exploited in the Wild CVE-2025-8875 & CVE-2025-8876 are now under active exploitation. ▫️2,140+ servers already exposed. Track & secure affected assets 👉https://t.co/5N0wJqFcZ4 https://t.co/P6NN2YaIE0
@CriminalIP_US
10 Sept 2025
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Software de gestión y ataques dirigidos 🖥️ El boletín #CTI de #MetaProtec detecta amenazas en N-Able N-Central. 📌 CVE-2025-8875 y CVE-2025-8876 permiten ejecución remota por deserialización insegura. 🔓 Consolas de gestión TI: objetivo directo de ataques dirigido
@MetaProtec
7 Sept 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ N-central Zero-Day, 당신의 서버는 안전합니까? 최근 N-able N-central의 CVE-2025-8875, CVE-2025-8876 취약점이 실제 공격에 악용되며 전 세계 2,140개 서버가 위협에 노출되었습니다. Criminal IP Asset Search로 위험 자산을 식별
@CriminalIP_KR
3 Sept 2025
68 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #N_able: rilevato lo sfruttamento attivo in rete delle CVE-2025-8875 e CVE-2025-8876 presenti nella piattaforma di RMM #N_central Rischio: 🟠 Tipologia: 🔸Arbitrary Code Execution 🔸Elevation of Privilege 🔗 https://t.co/48xohP07Cq 🔄 Ag… https://t.c
@Vulcanux_
20 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #N_able: rilevato lo sfruttamento attivo in rete delle CVE-2025-8875 e CVE-2025-8876 presenti nella piattaforma di RMM #N_central Rischio: 🟠 Tipologia: 🔸Arbitrary Code Execution 🔸Elevation of Privilege 🔗 https://t.co/egMHlTxvXj 🔄 Aggiornamenti disponibili
@csirt_it
20 Aug 2025
216 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-8875 and CVE-2025-8876: Vulnerability Detection Script using Nuclei GitHub: https://t.co/jmoM7WBaKh https://t.co/hrgwJVIqKH
@DarkWebInformer
19 Aug 2025
12717 Impressions
29 Retweets
193 Likes
83 Bookmarks
0 Replies
1 Quote
Over 800 N-able N-central servers remain unpatched against critical flaws CVE-2025-8875 and CVE-2025-8876, enabling command injection and deserialization attacks. Patch version 2025.3.1 is available. #NablePatch #USFederal #ServerRisk https://t.co/8ennArgSQB
@TweetThreatNews
18 Aug 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kritieke beveiligingslekken in n-able n-central servers: meer dan 800 nog niet gepatcht https://t.co/hid5PV65KA #N-able #N-central #beveiligingslek #CVE-2025-8875 #CVE-2025-8876 #Trending #Tech #Nieuws
@TrendingNewsBot
18 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 N-able N-central, #OS Command Injection, #CVE-2025-8876 (Critical) https://t.co/1kGzS0TMM1
@dailycve
18 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I've created a vulnerability script for CVE-2025-8875 and CVE-2025-8876 - both currently being actively exploited in the wild as reported by @cisacyber. Detection script: https://t.co/pR6pFr1NNs Patches are available: https://t.co/J9Zctf0WOA https://t.co/9tFZTYuRh1
@rxerium
17 Aug 2025
7641 Impressions
27 Retweets
137 Likes
106 Bookmarks
2 Replies
0 Quotes
CVE-2025-8876 N-able N-central OS Command Injection Vulnerability Prior to Version 2025.3.1 https://t.co/dPOk7jifqE
@VulmonFeeds
17 Aug 2025
90 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
We added version based N-able N-central RMM CVE-2025-8875 & CVE-2025-8876 detection to our daily scans. 1077 IPs unpatched IPs seen on 2025-08-15. Both CVEs recently added to @CISACyber KEV. Top affected: US, Canada, Netherlands, UK Dashboard map view: https://t.co/yL9hUjiZ
@Shadowserver
17 Aug 2025
3166 Impressions
17 Retweets
29 Likes
8 Bookmarks
1 Reply
0 Quotes
CISAが2つの既知の脆弱性をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Aug 13) CVE-2025-8875 N-able N-central の安全でないデシリアライゼーションの脆弱性 CVE-2025-8876 N-able N-central コマンドインジ
@foxbook
17 Aug 2025
268 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has issued a warning for organizations using N-able’s N-central RMM product. Two #vulnerabilities (CVE-2025-8875 & CVE-2025-8876) are being exploited. N-able released version 2025.3 with a critical security fix. #ThreatIntelligence #onpatrol4malware https://t.co/BO59
@MalwarePatrol
14 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added N-able N-central insecure deserialization & command injection vulnerabilities CVE-2025-8875 & CVE-2025-8876 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyber
@CISACyber
14 Aug 2025
4743 Impressions
19 Retweets
34 Likes
7 Bookmarks
1 Reply
0 Quotes
CISA alerts to active exploitation of two critical vulnerabilities in N-able N-central (CVE-2025-8875 & CVE-2025-8876) involving insecure deserialization and command injection. Patch version 2025.3 released. #Ncentral #ITsecurity #USA https://t.co/vshATFp3xG
@TweetThreatNews
14 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added two vulnerabilities in N-able N-central to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaws are CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection). https://t.co/y97ZkqosNT
@securityRSS
14 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This could get ugly - CISA warns of exploitation of N-able N-central, which is a remote monitoring & management (RMM) tool. It also has an MSSP version which means access to customer envs at scale if succesfully exploited. Two vulns: CVE-2025-8875, CVE-2025-8876 https://t.c
@SimoKohonen
14 Aug 2025
2835 Impressions
4 Retweets
23 Likes
6 Bookmarks
3 Replies
1 Quote
⚠️ CISA adds 2 N-able N-central flaws (CVE-2025-8875 & CVE-2025-8876) to its KEV list—both under active attack. MSPs & orgs must patch now to avoid multi-network compromise. Details + fixes here 👉 https://t.co/XqUiRIYcQQ #CyberSecurity #Vulnerabilities https://
@TEISS
14 Aug 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8875 (insecure deserialization) CVE-2025-8876 (command injection) Both are being actively exploited—MSPs and orgs running N-central must patch to version 2025.3.1 or 2024.6 HF2 by Aug 20. Enable MFA, restrict access ASAP. #CyberSecurity #CISA #Nable #KEV #MSP #PatchNow
@SecurEpitome
14 Aug 2025
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISAから新規KEV登録のお知らせメールが来た。CVE-2025-8875とCVE-2025-8876 社内DBにpushしようとツールを実行しても、NVD APIでエラーが発生する。しばらく悩んだが、NVDのページを調べてみると… えっ、まだNVD側に
@shojiueda
14 Aug 2025
175 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-8876 #N-able #N-Central Command Injection Vulnerability https://t.co/fLysImUHIa
@ScyScan
13 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:n-able:n-central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFDA053-AF76-4028-8595-41B18D37717B",
"versionEndExcluding": "2025.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]