CVE-2025-8876

Critical KEV CVSS: 9.4

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Vendor

Product

CWE

Yayın Tarihi

2025-08-14 15:15:43

Güncelleme

2025-10-27 14:58:04

Source Identifier

a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

KEV Date Added

2025-08-13

CWE-20 N-central CRITICAL N-able 2025

https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8876

Critical

CVE-2025-11366

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

Critical

CVE-2025-11367

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

High

CVE-2025-11700

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

High

CVE-2025-10231

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstanc…

High

CVE-2025-7051

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers…

Critical

CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-…