The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities in N-able N-central, CVE-2025-8875 and CVE-2025-8876, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, and urges timely updates. The vulnerabilities affect Managed Service Providers (MSPs) and require authentication to exploit, which underscores the importance of patching and enabling multi-factor authentication.
Key points
- CISA added two vulnerabilities in N-able N-central to its KEV list due to ongoing exploitation.
- The flaws are an insecure deserialization vulnerability and a command injection vulnerability, both requiring authentication to exploit.
- N-able released patches in versions 2025.3.1 and 2024.6 HF2 to fix these issues.
- Federal agencies are advised to apply updates by August 20, 2025, to secure their environments.
- Active exploitation risks highlight the importance of patch management and multi-factor authentication for MSPs.
Read More: https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html