
CISA adds N-able vulnerabilities to KEV Catalog


The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities affecting N-able’s N-central to its Known Exploited Vulnerabilities (KEV) Catalog. These are identified as CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection), both of which are classified as serious security flaws currently exploited in the wild.

N-able N-central is a widely used remote monitoring and management (RMM) platform, particularly prevalent among managed service providers (MSPs) and enterprises. The vulnerabilities pose high risks because exploitation can lead to full remote code execution or arbitrary command execution, allowing attackers to compromise management servers and subsequently control multiple client systems.

CISA’s inclusion of these vulnerabilities in the KEV Catalog means that federal agencies are mandated to remediate them within strict deadlines as outlined in Binding Operational Directive 22-01, typically within two weeks for such new critical vulnerabilities. The entry signals that there is reliable evidence these vulnerabilities are actively exploited by threat actors.

Operators and administrators of N-able N-central should urgently undertake the following actions:

As of August 13, 2025, no publicly available detailed vendor security advisory has been found, so organizations should closely monitor N-able’s channels for updates.

The KEV listing underscores the operational urgency due to active exploitation and the critical nature of these flaws. MSPs should coordinate remediation carefully to minimize service impact but act swiftly to reduce the attack surface and prevent escalation or widespread compromise.

In summary, the addition of these two N-able N-central vulnerabilities to CISA’s KEV Catalog is an urgent warning that requires immediate attention and remediation to protect managed services and enterprise environments from ongoing attacks.
