Patch Management
-
CISA Adds Two N-able N-central Vulnerabilities to KEV; MSP Patch Push Underway
U.S. authorities added two vulnerabilities in N-able N-central to the Known Exploited Vulnerabilities catalog, while noting no public exploitation has been reported. The flaws—CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection)—require authentication and have been patched in N-central versions 2025.3.1 and 2024.6 HF2, with upgrades urged for on-premises deployments.
-
Zoom and Xerox patch critical Windows and FreeFlow Core flaws that could enable privilege escalation and remote code execution
Zoom and Xerox released patches for critical vulnerabilities in Zoom Clients for Windows and FreeFlow Core, including a high-severity privilege-escalation flaw (CVE-2025-49457) in Windows Zoom clients and two severe flaws in FreeFlow Core (CVE-2025-8355 and CVE-2025-8356) that could enable remote code execution, prompting enterprise patches and risk-mitigation guidance.
-
Cisco Issues Urgent Patches for Critical Vulnerabilities in Cloud Services
Cisco has issued patches for critical vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), warning of potential exploits that could allow unauthorized access and disruption of services in cloud deployments.
