- CISA has added two newly exploited vulnerabilities in N-able N-central to its Known Exploited Vulnerabilities catalog.
- The vulnerabilities, CVE-2025-8875 and CVE-2025-8876, have been actively exploited and impact remote monitoring software used by managed service providers.
- N-able released security patches in versions 2025.3.1 and 2024.6 HF2 to fix these issues on August 13, 2025.
- U.S. federal agencies must apply patches by August 20, 2025, in response to active exploitation risks.
- CISA also flagged two older Microsoft vulnerabilities, urging updates or discontinuation for unsupported products by September 9, 2025.
The Cybersecurity and Infrastructure Security Agency (CISA) announced on August 14, 2025, that it added two critical security vulnerabilities affecting the N-able N-central platform to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerabilities impact N-able N-central, a remote monitoring and management platform widely used by managed service providers to oversee client networks and computers.
The two flaws—CVE-2025-8875, which enables command execution through insecure deserialization, and CVE-2025-8876, which is a command injection risk caused by insufficient sanitization of user inputs—were addressed in versions 2025.3.1 and 2024.6 HF2 released on August 13. N-able urges all customers, especially those with administrative accounts, to enable multi-factor authentication and upgrade to the latest software release.
N-able stated: “These vulnerabilities require authentication to exploit. However, there is a potential risk to the security of your N-central environment, if unpatched. You must upgrade your on-premises N-central to 2025.3.1.” The scale and method of the active exploitation are not yet known. CISA is advising all Federal Civilian Executive Branch (FCEB) agencies to apply the required patches by August 20, 2025, to mitigate potential threats.
In addition, on August 13, CISA included two older Microsoft vulnerabilities in its KEV catalog. These include CVE-2013-3893, a memory corruption issue in Internet Explorer allowing remote code execution, and CVE-2007-0671, a remote code execution vulnerability in Microsoft Office Excel. Updates must be applied or unsupported products like Internet Explorer discontinued by September 9, 2025.
At this time, the specific exploitation techniques for the N-central vulnerabilities have not been publicly disclosed. The situation remains under review as agencies and organizations work to implement the designated protections.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Memecoin Market Soars 14% as Investors Bet Big on Crypto Rally
- Bitcoin Hits $124K, Realized Price Tops 200-Week Average in 2025
- Google Mandates Licenses for Crypto Apps Amid Scam Concerns
- Justin Sun Sues Bloomberg to Block Release of Confidential Crypto Data
- Bitcoin Soars Past $124K on Rate Cut Bets, Crypto Market Rallies
