N-able N-central, a widely used network management platform, is under active cyberattack as CISA flags two major security flaws that could jeopardize organizational infrastructure.

Quick Summary – TLDR:

  • CISA added two N-able N-central vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
  • The flaws, CVE-2025-8875 and CVE-2025-8876, allow attackers to execute commands and inject malicious code.
  • N-able has released patches and urged immediate updates to versions 2025.3.1 or 2024.6 HF2.
  • Federal agencies have until August 20 to comply, though all organizations are strongly advised to act fast.

What Happened?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that two high-risk vulnerabilities in N-able N-central are being actively exploited. These flaws affect a core remote monitoring tool used by many Managed Service Providers (MSPs) to manage IT infrastructure across Windows, macOS, and Linux systems.

The Vulnerabilities Targeting N-central

N-able N-central is a critical tool for IT service providers. It gives administrators deep access to client environments, which is what makes these vulnerabilities so dangerous.

The two identified flaws are:

  • CVE-2025-8875: An insecure deserialization vulnerability that can lead to command execution if exploited.
  • CVE-2025-8876: A command injection flaw caused by improper sanitization of user inputs, which could let attackers execute unauthorized commands.

These vulnerabilities were patched on August 13, 2025, in versions 2025.3.1 and 2024.6 HF2 of N-central. N-able is urging customers to update immediately and enable multi-factor authentication, especially for admin accounts.

“These vulnerabilities require authentication to exploit. However, there is a potential risk to the security of your N-central environment, if unpatched,” N-able said in a customer alert.

While it is not clear how attackers are exploiting these flaws or at what scale, the fact that they are being used in the wild makes immediate patching essential.

CISA Issues Seven-Day Compliance Mandate

CISA added both N-central vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on August 13, 2025, as part of its ongoing cybersecurity directive.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must patch these flaws by August 20, 2025. This short timeline underscores how seriously the federal government views these threats.

CISA also added three more vulnerabilities to the KEV list:

  • CVE-2013-3893: Microsoft Internet Explorer memory corruption issue
  • CVE-2007-0671: Microsoft Excel remote code execution flaw
  • CVE-2025-8088: A WinRAR path traversal vulnerability

These vulnerabilities are considered frequent entry points for attackers. Though BOD 22-01 only applies to FCEB agencies, CISA is urging all organizations to treat the KEV list as high priority in their own security practices.
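
One way to act on the KEV deadline described above, as an added example rather than code from CISA, N-able or SQ Magazine: match an asset inventory against KEV entries and list what is still open, soonest due date first. The field names follow CISA's published KEV JSON feed; the inventory format, host names and the WinRAR dates are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. The N-central CVE IDs
# and dates are the ones this article gives; the WinRAR dates are constructed.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-8875", "vendorProject": "N-able", "product": "N-central",
   "dateAdded": "2025-08-13", "dueDate": "2025-08-20"},
  {"cveID": "CVE-2025-8876", "vendorProject": "N-able", "product": "N-central",
   "dateAdded": "2025-08-13", "dueDate": "2025-08-20"},
  {"cveID": "CVE-2025-8088", "vendorProject": "RARLAB", "product": "WinRAR",
   "dateAdded": "2025-08-13", "dueDate": "2025-08-20"}
]}
""")

# Constructed inventory. "remediated" is set per asset because the article says
# one update (2025.3.1 or 2024.6 HF2) fixes both N-central CVEs.
INVENTORY = [
    {"host": "rmm-01", "product": "N-central", "remediated": False},
    {"host": "rmm-02", "product": "n-central", "remediated": True},
    {"host": "app-07", "product": "ExampleApp", "remediated": False},
]

def open_kev_items(kev, inventory, today):
    """Return unremediated assets whose product is in KEV, soonest due date
    first, with days left until the due date (negative means overdue)."""
    by_product = {}
    for vuln in kev["vulnerabilities"]:
        by_product.setdefault(vuln["product"].lower(), []).append(vuln)
    findings = []
    for asset in inventory:
        if asset["remediated"]:
            continue
        for vuln in by_product.get(asset["product"].lower(), []):
            due = date.fromisoformat(vuln["dueDate"])
            findings.append({"host": asset["host"], "cve": vuln["cveID"],
                             "due": due, "days_left": (due - today).days})
    return sorted(findings, key=lambda f: (f["due"], f["host"], f["cve"]))

if __name__ == "__main__":
    for item in open_kev_items(KEV_SAMPLE, INVENTORY, date(2025, 8, 18)):
        state = "OVERDUE" if item["days_left"] < 0 else "open"
        print(f'{item["host"]} {item["cve"]} due {item["due"]} '
              f'({item["days_left"]} days) {state}')
```

Matching here is on the product name only, so an inventory that records products under different names needs a mapping step before this check is meaningful.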

Why Is N-central an Attractive Target?

N-central’s position as a remote monitoring platform makes it a prime target. It has privileged access to vast parts of enterprise infrastructure, which means if it’s compromised, attackers gain a shortcut into critical systems.

The fact that these exploits are already being used in real-world attacks raises concern, particularly given the lack of clarity around whether they’re linked to ransomware or nation-state operations.

SQ Magazine Takeaway

This is the kind of cybersecurity nightmare that keeps IT teams up at night. If you’re running N-central and haven’t patched yet, you’re essentially leaving the doors wide open for attackers. I’d strongly recommend treating this as a must-do-today task, not a “we’ll get to it later” situation. These are not theoretical risks. The bad guys are already in motion, and N-central’s deep access means the damage could be catastrophic.

Rajesh Namase

Tech Editor


Rajesh Namase is a seasoned tech blogger, digital entrepreneur, and founder of SQ Magazine. Known for creating the popular tech blog TechLila, he now covers cybersecurity and technology news with a focus on how digital trends shape modern life. Rajesh enjoys playing badminton, practicing yoga, and exploring new ideas beyond the screen.