PT-2025-33075 · N Able · N-Able N-Central
Published
2025-08-13
·
Updated
2025-11-25
·
CVE-2025-8875
CVSS v4.0
9.4
Critical
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions:
N-able N-Central versions prior to 2025.3.1
N-able N-Central versions prior to 2024.6 Hotfix 2
Description:
A deserialization of untrusted data issue exists in N-able N-Central, potentially allowing for local execution of code. This vulnerability is actively exploited in the wild. The issue could lead to command execution.
Recommendations:
N-able N-Central versions prior to 2025.3.1: Upgrade to version 2025.3.1 or later.
N-able N-Central versions prior to 2024.6 Hotfix 2: Upgrade to version 2024.6 Hotfix 2 or later.
Enable multi-factor authentication on administrator accounts.
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
N-Able N-Central