The cybersecurity agency CISA warns of two recently exploited vulnerabilities in N-able’s N-central RMM product, which could impact MSPs and IT environments. N-able released a security update, but the active exploitation suggests these flaws might be zero-days. #CISA #N-able #Ncentral #CVE20258875 #CVE20258876
Keypoints
- N-able’s N-central product has two critical vulnerabilities tracked as CVE-2025-8875 and CVE-2025-8876.
- CISA has added these vulnerabilities to its KEV catalog due to active exploitation concerns.
- The flaws include an insecure deserialization issue and a command injection flaw.
- N-able’s security patch version 2025.3 addresses these vulnerabilities, but details are pending release.
- Threat actors may exploit these vulnerabilities to compromise MSP customers’ environments, making prompt patching essential.
Read More: https://www.securityweek.com/cisa-warns-of-attacks-exploiting-n-able-vulnerabilities/