
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two N-able N-central vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signalling that these flaws are being actively exploited by cyber attackers.
This development is a critical warning to organisations using the remote monitoring and management (RMM) platform, especially those in the UK, to apply the necessary patches immediately.
The two vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, are serious threats that can lead to remote code execution.
CVE-2025-8875 is an insecure deserialisation flaw, which allows an attacker to execute arbitrary code by manipulating data sent to the application.
CVE-2025-8876 is a command injection vulnerability, which enables attackers to inject and execute system commands through unsanitised user input.
Although N-able notes that these vulnerabilities require authentication to exploit, their active use in attacks makes them a high-priority risk.
These flaws are of particular concern because N-able N-central is widely used by managed service providers (MSPs) to manage the IT infrastructure of their clients.
A successful exploit could allow a threat actor to gain a foothold in multiple networks, leading to a much broader compromise.
CISA’s directive requires US Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by 20 August 2025. While this mandate does not apply to UK private sector firms, it highlights the urgency of the situation. All organisations using N-able N-central should treat this as a serious matter and patch their systems without delay.
N-able has provided patched versions of the software to address these issues.
The vulnerabilities are resolved in N-central 2025.3.1 and N-central 2024.6 HF2. To mitigate the risk, organisations should ensure they are running one of these patched versions. Furthermore, N-able recommends that users, particularly administrators, enable multi-factor authentication (MFA) to add an essential layer of security.

© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543