The U.S. CISA has added two critical vulnerabilities, CVE-2025-8875 and CVE-2025-8876, in N-able N-central to its KEV catalog due to active exploitation. Organizations are urged to upgrade to version 2025.3.1, enable MFA, and implement security best practices to protect against potential system compromises. #CVE-2025-8875 #CVE-2025-8876 #NableNcentral
Keypoints
- The vulnerabilities, impacting N-able N-central, are actively exploited and require immediate patching.
- CVE-2025-8875 involves insecure deserialization, enabling remote attackers to control systems.
- CVE-2025-8876 allows authenticated attackers to execute arbitrary commands via command injection.
- The latest update, version 2025.3.1, addresses these flaws and adds new features for better management.
- Enforcing Multi-Factor Authentication (MFA) and upgrading systems are critical preventative measures.
Read More: https://thecyberexpress.com/cisa-warns-of-cve-2025-8875-and-cve-2025-8876/