Saturday, January 17, 2026

CISA Alerts on Active Exploitation of N-able N-Central Deserialization & Injection Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting N-able N-Central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The addition of CVE-2025-8875 and CVE-2025-8876 to the catalog on August 13, 2025, triggers mandatory remediation requirements for federal agencies and serves as an urgent warning to all organizations using the popular remote monitoring and management (RMM) platform.

N-able N-Central, a widely deployed RMM platform used by Managed Service Providers (MSPs) to monitor and secure client endpoints across Windows, Apple, and Linux systems, contains two severe security vulnerabilities that could enable attackers to achieve command execution.

CVE-2025-8875 represents an insecure deserialization vulnerability that can lead to arbitrary code execution, while CVE-2025-8876 involves a command injection flaw arising from improper sanitization of user input.

Both vulnerabilities require authentication to exploit, but N-able has warned that they pose “a potential risk to the security of your N-central environment, if unpatched”.

The company emphasizes that organizations must upgrade their on-premises N-Central installations immediately to address these critical security gaps.

The inclusion of these vulnerabilities in CISA’s KEV catalog is particularly significant because it confirms active exploitation by threat actors in real-world attacks.

While the specific details of how attackers are leveraging these vulnerabilities remain unclear, the KEV listing indicates that malicious actors have already weaponized both vulnerabilities to compromise target systems.

N-able N-Central Deserialization

N-able has released fixes for both vulnerabilities in two versions: N-Central 2025.3.1 and 2024.6 HF2, both made available on August 13, 2025.

The company is urging all customers to implement these updates immediately and ensure that multi-factor authentication (MFA) is enabled, particularly for administrative accounts.

Under the federal government’s Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies must remediate these KEV-listed vulnerabilities by August 20, 2025.

The directive mandates that agencies apply vendor-provided mitigations, follow applicable cloud service guidance, or discontinue use of the product if patches are unavailable.

The tight remediation timeline reflects the serious nature of these vulnerabilities and their potential impact on critical infrastructure.

Organizations that fail to patch these vulnerabilities risk exposing their entire managed client base to compromise, as RMM platforms provide privileged access to numerous endpoints and systems across customer networks.

Broader Implications

The discovery of actively exploited vulnerabilities in N-able N-Central highlights the growing threat landscape facing MSPs and their clients.

When RMM platforms are compromised, attackers gain a powerful foothold that can facilitate widespread network access and lateral movement across multiple customer environments.

The authentication requirement for exploitation does not significantly reduce the risk, as threat actors frequently target administrative credentials through phishing campaigns and other social engineering techniques.

Industry experts emphasize that MSPs should treat this incident as a wake-up call to strengthen their security postures beyond just applying patches.

Recommended measures include implementing robust network segmentation to isolate management interfaces, enhancing monitoring capabilities to detect unusual system behavior, and establishing comprehensive backup and recovery procedures.

The vulnerabilities also underscore the importance of the KEV catalog as a prioritization tool for vulnerability management.

Unlike traditional CVSS scoring systems that focus on theoretical impact, KEV listings provide definitive evidence that attackers are actively exploiting specific vulnerabilities in the wild.

This real-world exploitation data enables organizations to focus their limited resources on the vulnerabilities that pose the most immediate threat to their operations.
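The KEV-first prioritization described above, as an added example (not code from the article, CISA, or N-able): Python that re-ranks scanner findings so KEV-listed CVEs come first, ordered by their remediation due date, with CVSS used only as a tie-breaker. The KEV excerpt follows the field names of CISA's JSON feed but is constructed; the host names, the `CVE-0000-*` placeholders, every CVSS value, and the `prioritize` function are assumptions made for the illustration.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed; only the two
# CVE IDs and the dates named in the article are real, other fields trimmed.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-8875", "vendorProject": "N-able", "product": "N-Central",
   "dateAdded": "2025-08-13", "dueDate": "2025-08-20"},
  {"cveID": "CVE-2025-8876", "vendorProject": "N-able", "product": "N-Central",
   "dateAdded": "2025-08-13", "dueDate": "2025-08-20"}
]}
""")

# Constructed scanner findings. CVE-0000-* are placeholders, and every cvss
# value is a made-up sample for the sort, not a published score.
FINDINGS = [
    {"host": "build01", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "rmm01", "cve": "CVE-2025-8876", "cvss": 7.0},
    {"host": "web02", "cve": "CVE-0000-0002", "cvss": 8.1},
    {"host": "rmm01", "cve": "CVE-2025-8875", "cvss": 7.5},
]

def prioritize(findings, kev_feed, today):
    """Rank KEV-listed findings first (earliest due date, then CVSS); the rest by CVSS."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"])
        row = dict(f, kev=entry is not None, due=None, days_overdue=None)
        if entry:
            due = date.fromisoformat(entry["dueDate"])
            row["due"] = due
            row["days_overdue"] = max((today - due).days, 0)
        ranked.append(row)
    # Sort key: KEV before non-KEV, then due date, then highest CVSS first.
    ranked.sort(key=lambda r: (not r["kev"], r["due"] or date.max, -r["cvss"]))
    return ranked

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_FEED, today=date(2025, 8, 25)):
        tag = f"KEV due {r['due']} (+{r['days_overdue']}d)" if r["kev"] else "not in KEV"
        print(f"{r['host']:8} {r['cve']:15} cvss={r['cvss']:<4} {tag}")
```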

As the cybersecurity community continues to monitor these threats, organizations using N-able N-Central should prioritize immediate patching while implementing additional security controls to protect against potential compromise during the update process.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
