Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog: A Call to Action for Federal Agencies



CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog: A Call to Action for Federal Agencies

In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This latest addition highlights the importance of timely patching and vulnerability management in protecting federal civilian executive branch (FCEB) agencies from potential cyber threats. With patches available for both vulnerabilities, FCEB agencies are urged to apply them by August 20, 2025, to secure their networks.

  • N-able N-central has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
  • The vulnerabilities in question are CVE-2025-8875 (insecure deserialization vulnerability) and CVE-2025-8876 (command injection vulnerability).
  • N-central versions 2025.3.1 and 2024.6 HF2 address these shortcomings, but customers must upgrade to secure their environment.
  • Federal agencies are recommended to apply the necessary fixes by August 20, 2025, due to active exploitation.



    • CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog: A Call to Action for Federal Agencies

    In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This latest addition highlights the importance of timely patching and vulnerability management in protecting federal civilian executive branch (FCEB) agencies from potential cyber threats.

    N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients' Windows, Apple, and Linux endpoints from a single, unified platform. The vulnerabilities in question are listed below - CVE-2025-8875 (CVSS score: N/A) - An insecure deserialization vulnerability that could lead to command execution, and CVE-2025-8876 (CVSS score: N/A) - A command injection vulnerability via improper sanitization of user input.

    Both shortcomings have been addressed in N-central versions 2025.3.1 and 2024.6 HF2 released on August 13, 2025. N-able is also urging customers to make sure that multi-factor authentication (MFA) is enabled, particularly for admin accounts. "These vulnerabilities require authentication to exploit," N-able said in an alert. "However, there is a potential risk to the security of your N-central environment, if unpatched. You must upgrade your on-premises N-central to 2025.3.1."

    It's currently not known how the vulnerabilities are being exploited in real-world attacks, in what context, and what is the scale of such efforts. The Hacker News has reached out to N-able for comment, and we will update the story if we hear back.

    In light of active exploitation, FCEB agencies are recommended to apply the necessary fixes by August 20, 2025, to secure their networks. This recommendation emphasizes the critical nature of this vulnerability and the need for prompt action to prevent potential cyber attacks.

    The development comes a day after CISA placed two-year-old security flaws affecting Microsoft Internet Explorer and Office in the KEV catalog - CVE-2013-3893 (CVSS score: 8.8) - A memory corruption vulnerability in Microsoft Internet Explorer that allows for remote code execution, and CVE-2007-0671 (CVSS score: 8.8) - A remote code execution vulnerability in Microsoft Office Excel that can be exploited when a specially crafted Excel file is opened to achieve remote code execution.

    FCEB agencies have time till September 9, 2025, to update to the latest versions, or discontinue their use if the product has reached end-of-life (EoL) status, as is the case with Internet Explorer.

    In conclusion, this latest addition to CISA's KEV catalog highlights the importance of staying vigilant and proactive in addressing security vulnerabilities. It is essential for federal agencies to prioritize vulnerability management and take prompt action to patch known exploits to prevent potential cyber attacks. By doing so, they can effectively protect their networks and data from malicious actors.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Adds-Two-N-able-N-central-Flaws-to-Known-Exploited-Vulnerabilities-Catalog-A-Call-to-Action-for-Federal-Agencies-ehn.shtml

  • https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html

  • https://nvd.nist.gov/vuln/detail/CVE-2013-3893

  • https://www.cvedetails.com/cve/CVE-2013-3893/

  • https://nvd.nist.gov/vuln/detail/CVE-2007-0671

  • https://www.cvedetails.com/cve/CVE-2007-0671/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-8875

  • https://www.cvedetails.com/cve/CVE-2025-8875/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-8876

  • https://www.cvedetails.com/cve/CVE-2025-8876/


    • Published: Thu Aug 14 00:01:03 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us