U.S. authorities on Tuesday confirmed two vulnerabilities in N-able N-central, a remote monitoring and management (RMM) platform popular with managed service providers (MSPs), though there have been no public reports of exploitation to date. The Cybersecurity and Infrastructure Security Agency (CISA) lists the flaws as known-exploited in its Known Exploited Vulnerabilities catalog and has ordered U.S. federal civilian agencies to mitigate them within a week.
CVE-2025-8875 is classified as an insecure deserialization vulnerability, while CVE-2025-8876 is a command injection flaw. Both require an attacker to authenticate with valid credentials before exploitation, according to the disclosure. N-able has not publicly disclosed a CVSS score.
N-able N-central is used by MSPs and IT teams to monitor, update, and secure fleets of endpoints from a central dashboard. It supports devices from multiple manufacturers, including Dell, HP, Cisco and Fortinet, making any unpatched vulnerability potentially impactful for a broad range of customers.
The flaws have been addressed in N-central v2025.3.1 and in v2024.6 HF2, and N-able is urging customers running on-premises deployments to upgrade to one of these fixed versions. The company indicated it would provide additional details on the vulnerabilities about three weeks from the time of the disclosure.
CISA has not yet confirmed that the vulnerabilities are being leveraged in ransomware campaigns. Nevertheless, security researchers have previously observed attackers targeting MSP tools as a stepping stone to reach client networks, underscoring the importance of timely patching and monitoring for indicators of compromise.
MSP customers are advised to upgrade promptly to the fixed versions to mitigate potential risks to their N-central environments. N-able emphasized that continued use of unpatched installations could expose ecosystems to security threats.