Detections
Analytics

N-able N-central < 2024.6 HF2 / 2025.x < 2025.3.1 Multiple Vulnerabilities

critical Nessus Plugin ID 250278

Synopsis

The N-able N-central instance installed on the remote host is affected by multiple vulnerabilities.

Description

The version of N-able N-central installed on the remote host is prior to 2024.6 HF2 or 2025.x prior to 2025.3.1. It is, therefore, affected by multiple vulnerabilities:

 - Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. (CVE-2025-8875)

 - Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. (CVE-2025-8876) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade N-able N-central to version 2024.6 HF2, 2025.3.1 or later.

See Also

http://www.nessus.org/u?733fc5bd

http://www.nessus.org/u?91e2058b

Plugin Details

Severity: Critical

ID: 250278

File Name: n_able_n_central_CVE-2025-8875-8876.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 8/15/2025

Updated: 8/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v4

Risk Factor: Critical

Base Score: 9.4

Threat Score: 9.4

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2025-8876

Vulnerability Information

CPE: cpe:/a:n-able:n-central

Required KB Items: installed_sw/N-able N-central

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2025

Vulnerability Publication Date: 8/13/2025

CISA Known Exploited Vulnerability Due Dates: 8/20/2025

Reference Information

CVE: CVE-2025-8875, CVE-2025-8876