CISA Issues Warning About N-able N-central Vulnerabilities Targeted in Zero-Day Attacks

CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N-able’s N-central remote monitoring and management (RMM) platform. N-central is widely used by Managed Services Providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralised web-based console. According to CISA, the two flaws allow threat actors to gain command execution through an insecure deserialization weakness (CVE-2025-8875) and to inject commands by exploiting improper sanitisation of user input (CVE-2025-8876). Although N-able has yet to confirm CISA’s report that these security bugs are being exploited in the wild, the company has patched them in N-central version 2025.3.1. N-able urged administrators to secure their systems before further information on the vulnerabilities is released.

CISA has added the flaws to its Known Exploited Vulnerabilities Catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to patch their systems within one week, by August 20, as per the November 2021 Binding Operational Directive (BOD) 22-01. While BOD 22-01 primarily targets U.S. federal agencies, CISA encouraged all organisations, including those in the private sector, to prioritise securing their devices against these actively exploited security flaws. CISA cautioned that these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Shodan searches indicate that approximately 2,000 N-able N-central instances are exposed online, with the majority located in the United States, Australia, and Germany.

Categories: Cybersecurity Vulnerabilities, Remote Monitoring and Management, Incident Response 

Tags: CISA, N-able, N-central, Vulnerabilities, Command Execution, Insecure Deserialization, User Input Sanitization, Managed Services Providers, Cybersecurity, Patch 
