Latest Cyber Security News

You are here: Home / General Cyber Security News / CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
August 14, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients’ Windows, Apple, and Linux endpoints from a single, unified platform.

The vulnerabilities in question are listed below –

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


  • CVE-2025-8875 (CVSS score: N/A) – An insecure deserialization vulnerability that could lead to command execution
  • CVE-2025-8876 (CVSS score: N/A) – A command injection vulnerability via improper sanitization of user input

Both shortcomings have been addressed in N-central versions 2025.3.1 and 2024.6 HF2 released on August 13, 2025. N-able is also urging customers to make sure that multi-factor authentication (MFA) is enabled, particularly for admin accounts.

Cybersecurity

“These vulnerabilities require authentication to exploit,” N-able said in an alert. “However, there is a potential risk to the security of your N-central environment, if unpatched. You must upgrade your on-premises N-central to 2025.3.1.”

It’s currently not known how the vulnerabilities are being exploited in real-world attacks, in what context, and what is the scale of such efforts. The Hacker News has reached out to N-able for comment, and we will update the story if we hear back.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by August 20, 2025, to secure their networks.

The development comes a day after CISA placed two-year-old security flaws affecting Microsoft Internet Explorer and Office in the KEV catalog –

  • CVE-2013-3893 (CVSS score: 8.8) – A memory corruption vulnerability in Microsoft Internet Explorer that allows for remote code execution
  • CVE-2007-0671 (CVSS score: 8.8) – A remote code execution vulnerability in Microsoft Office Excel that can be exploited when a specially crafted Excel file is opened to achieve remote code execution

FCEB agencies have time till September 9, 2025, to update to the latest versions, or discontinue their use if the product has reached end-of-life (EoL) status, as is the case with Internet Explorer.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *