The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk vulnerabilities in N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation in the wild.
Identified as CVE-2025-8875, a deserialization vulnerability, and CVE-2025-8876, a command injection vulnerability, both issues pose cybersecurity risks to system integrity and are prompting immediate security action across enterprises.
Decoding N-able N-central Vulnerabilities: CVE-2025-8875 and CVE-2025-8876
According to the release notes from N-able, these vulnerabilities were addressed in the 2025.3.1 version of N-central, which began rolling out on August 14, 2025, following final updates on August 13, 2025. While both vulnerabilities require authentication to exploit, they remain a substantial risk to unpatched environments. If successfully leveraged, these flaws could allow attackers to execute arbitrary code or commands, potentially leading to full system compromise.
CVE-2025-8875 refers specifically to an insecure deserialization vulnerability, a common issue in software that mishandles untrusted data during object deserialization. When exploited, this flaw can allow remote attackers to gain unauthorized control over system functions.
Meanwhile, CVE-2025-8876, the command injection vulnerability, could permit authenticated attackers to inject and execute arbitrary commands on the underlying server, leading to potential data breaches or service disruptions.
Immediate Mitigation Steps
N-able is urging all users, especially those managing on-premises deployments, to upgrade to version 2025.3.1 without delay. The company emphasized that details of both CVEs will remain restricted for three weeks post-release in line with its responsible disclosure policies.
“There is a potential risk to the security of your N-central environment if unpatched,” the release notes warned. “You must upgrade your on-premises N-central to 2025.3.1.”
Additionally, Multi-Factor Authentication (MFA) must be enabled and enforced across all N-able products, particularly for administrative accounts. The company reiterated that MFA is not just a recommendation but a critical safeguard in mitigating risks from these vulnerabilities.
What’s New in the 2025.3.1 Release
Aside from security fixes, the latest N-central release brings several new features and enhancements focused on usability, performance, and visibility:
- Expanded Audit Logging: New user-initiated events, including SSH login/logout and scheduled task changes, are now captured and exportable to Syslog for better traceability.
- Device Management API Updates: Admins can now automatically add devices via the /api/device endpoint, streamlining deployments. Additionally, application names are more clearly visible through updated asset calls.
- Asset Tagging Capabilities (Preview): New features allow the categorization of devices using customizable asset tags across organizational levels, Partner, SO, Customer, and Site.
These enhancements are designed to help partners manage large, distributed environments with greater control and efficiency.
Continued Focus on Compliance
N-able also confirmed ongoing development toward a CMMC Level 2-compliant version of N-central. This compliance is crucial for partners working with the U.S. Department of Defense (DoD) or managing sensitive federal contracts. The new version is being tailored for on-premises deployments to meet stringent federal cybersecurity standards.
Bug Fixes Address System Stability
A series of bug fixes was also included in the 2025.3.1 update, targeting issues such as failed PSA exports due to long passwords, broken remote support configurations, outdated asset mappings, and system errors caused by identifier overflows.
Among notable fixes:
- Take Control setup failures have been resolved for smoother remote support sessions.
- Scheduled tasks stuck due to network shares have been corrected.
- Malformed HP drive mappings and redundant asset name prefixes have also been addressed.
Conclusion
The inclusion of CVE-2025-8875 and CVE-2025-8876 in CISA’s Known Exploited Vulnerabilities catalog highlights the critical nature of these actively exploited flaws in N-able N-central. The presence of both a deserialization vulnerability and a command injection vulnerability creates a direct risk, particularly in systems lacking robust access controls or up-to-date security practices.
Organizations are strongly urged to upgrade to N-central version 2025.3.1, enforce multi-factor authentication (MFA), monitor for suspicious activity, and leverage the enhanced audit log features to strengthen their security posture. With threat actors already exploiting these vulnerabilities, timely action is not just recommended; it is imperative.
