PT-2025-33076 · N Able · N-Able N-Central

Published

2025-08-13

Updated

2025-11-25

CVE-2025-8876

CVSS v4.0

9.4

Critical

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: N-able N-central versions prior to 2025.3.1

Description: Improper Input Validation in N-able N-central allows for OS Command Injection. This issue enables the execution of arbitrary operating system commands due to insufficient validation of user-supplied input.

Recommendations: Update N-able N-central to version 2025.3.1 or later.

Fix

OS Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-20

Related Identifiers

CVE-2025-8876

Affected Products

N-Able N-Central

PT-2025-33076 · N Able · N-Able N-Central

CVE-2025-8876

Weakness Enumeration

Related Identifiers

Affected Products

References · 48