Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added N-able N-Central flaws to its Known Exploited Vulnerabilities catalog. The update includes two critical vulnerabilities, a deserialization flaw and a command injection vulnerability. MSPs are urged to upgrade their on-premises N-central to version 2025.3.1 to address these vulnerabilities. Private organizations are advised to review the identified vulnerabilities in their infrastructure and implement measures to address these threats before they become an opportunity for attackers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities in the N-able N-Central platform to its Known Exploited Vulnerabilities catalog: CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection). N-central is a Remote Monitoring and Management (RMM) platform that provides MSPs with tools to monitor, maintain, and protect clients' devices. The insecure deserialization vulnerability allows attackers to deserialize arbitrary data into the application's internal data structures, while the command injection vulnerability enables injecting malicious commands into the platform's workflow. CISA urges MSPs to upgrade their on-premises N-central to version 2025.3.1 to address these vulnerabilities and protect clients' networks against potential attacks.
In a recent update, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities in the N-able N-Central platform to its Known Exploited Vulnerabilities catalog. The vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, have been classified as insecure deserialization and command injection flaws respectively.
N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs) to centrally manage and secure Windows, Apple, and Linux endpoints. The platform provides MSPs with the tools they need to monitor, maintain, and protect their clients' devices from various threats.
The insecure deserialization vulnerability, CVE-2025-8875, is a critical flaw that allows an attacker to deserialize arbitrary data into the application's internal data structures. This can lead to the execution of system-level commands or access to sensitive information within the system. The command injection vulnerability, CVE-2025-8876, enables an attacker to inject malicious commands into the platform's workflow, potentially allowing them to execute unintended actions.
According to CISA, both vulnerabilities require authentication to exploit but pose a significant risk to the security of N-central environments if left unpatched. MSPs are urged to upgrade their on-premises N-central to version 2025.3.1 to address these vulnerabilities and protect their clients' networks against potential attacks.
In addition to this update, CISA has also added Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog. These updates serve as a reminder of the importance of regularly monitoring and addressing known security vulnerabilities in third-party software and applications used within organizational networks.
Private organizations are advised to review the CISA-identified vulnerabilities in their own infrastructure and implement measures to address these threats before they become an opportunity for attackers. Federal Civilian Executive Branch (FCEB) agencies must fix these identified vulnerabilities by August 20, 2025.
As with all security updates and patches, it is crucial that organizations prioritize timely implementation of fixes to mitigate potential risks associated with these identified vulnerabilities.
Published: Thu Aug 14 04:56:13 2025 by llama3.2 3B Q4_K_M