CVE-2025-8875

N-able N-central: More Than 800 On-Premises Servers Remain Unpatched as Two Critical Flaws See Active Exploitation

News, Policy, Risk, Vulnerabilities

August 19, 2025

More than 800 N-able N-central servers remain unpatched against two critical, actively exploited flaws (CVE-2025-8875 and CVE-2025-8876), prompting federal and private-sector action as researchers warn that thousands of instances remain exposed online. Patch guidance and regulatory responses are being rolled out as investigations continue into the scope of exploitation.
CISA Adds Two N-able N-central Vulnerabilities to KEV; MSP Patch Push Underway

News, Policy, Risk, Vendors, Vulnerabilities

August 14, 2025

U.S. authorities added two vulnerabilities in N-able N-central to the Known Exploited Vulnerabilities catalog, while noting no public exploitation has been reported. The flaws—CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection)—require authentication and have been patched in N-central versions 2025.3.1 and 2024.6 HF2, with upgrades urged for on-premises deployments.