High
CVSS: 8.4
N-central versions < 2025.4 are vulnerable to multiple XML External Entity (XXE) injection flaws leading to information disclosure
Critical
CVSS: 10.0
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
Critical
CVSS: 9.4
N-central < 2025.4 is vulnerable to authentication bypass via path traversal
High
CVSS: 7.0
An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.
High
CVSS: 8.3
On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.
Critical
KEV CVSS: 9.4
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1.
Critical
KEV CVSS: 9.4
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1.
Medium
CVSS: 5.3
N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed.
This vulnerability is present in all deployments of N-central prior to N-central 2024.6.