Particle.news
Download on the App Store
7 ARTICLES
·
2w ago

CISA Lists Two N-able N-central Flaws as Actively Exploited

Evidence of in-the-wild exploitation triggered an accelerated patch deadline of August 20 for federal civilian agencies under CISA’s Known Exploited Vulnerabilities mandate.

Image
N-able N-central
Image

Overview

  • CISA has added CVE-2025-8875 and CVE-2025-8876 to its Known Exploited Vulnerabilities catalog after confirming evidence of active exploitation.
  • Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate the flaws by August 20, 2025.
  • N-able released patches in N-central versions 2025.3.1 and 2024.6 HF2 on August 13 and urged on-premises users to upgrade and enable multi-factor authentication for admin accounts.
  • CVE-2025-8875 allows remote command execution through insecure deserialization and CVE-2025-8876 enables command injection via improper input sanitization, both requiring user authentication to exploit.
  • Internet scans show roughly 2,000 N-central instances remain exposed online, heightening the urgency for MSPs and organizations to apply vendor mitigations.