CISA Flags Two Actively Exploited N-central Vulnerabilities: CVE-2025-8875 and CVE-2025-8876

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities in N-able’s N-central software to its Known Exploited Vulnerabilities (KEV) Catalog. This listing confirms that the flaws are being actively targeted by attackers and require urgent attention from organizations using the platform.

N-able N-central is a popular remote monitoring and management (RMM) tool used by managed service providers (MSPs) to manage and secure client systems. It supports Windows, macOS, and Linux, offering centralized control over networks and devices, which makes it a valuable target for cybercriminals.

The first vulnerability, CVE-2025-8875, is classified as an insecure deserialization flaw. This type of weakness allows attackers to manipulate application data in a way that could let them run arbitrary commands, potentially gaining full control over the affected system.

The second vulnerability, CVE-2025-8876, is a command injection issue caused by improper sanitization of user input. If exploited, it can enable an attacker to send harmful commands directly to the operating system, leading to serious security breaches.

CISA’s inclusion of these flaws in the KEV Catalog means they are already being used in real-world cyberattacks. For U.S. federal agencies, this triggers mandatory patching requirements under Binding Operational Directive 22-01, with a fixed deadline for remediation.

While these requirements apply specifically to federal agencies, CISA strongly urges all organizations to act immediately. Cyber attackers often target any unpatched systems, regardless of whether they belong to government or private entities.

N-able has released updates to fix both vulnerabilities, with patched versions available in N-central 2025.3.1 and N-central 2024.6 HF2. Organizations are advised to upgrade as soon as possible to close off these attack vectors.

According to N-able, both vulnerabilities require authentication to exploit. However, attackers can bypass this layer by stealing credentials through phishing, weak passwords, or other common methods, meaning the risk remains high if systems are left unpatched.

To strengthen security further, N-able recommends enabling multi-factor authentication (MFA) for all accounts, especially administrator profiles. MFA adds an extra verification step that significantly reduces the chances of unauthorized access, even if a password is compromised.

In short, CVE-2025-8875 and CVE-2025-8876 present serious security threats to N-central users. Applying the patches, enabling MFA, and maintaining strong security practices are essential steps to protect networks and systems from ongoing exploitation.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news