Over 800 N-able Servers Exposed to Critical Unpatched Flaws

▼ Summary
– Over 800 N-able N-central servers remain unpatched against two critical security vulnerabilities that are actively exploited.
– The vulnerabilities, CVE-2025-8875 and CVE-2025-8876, allow authenticated attackers to inject and execute commands on unpatched devices.
– N-able has patched the flaws in version 2025.3.1 and confirmed exploitation in a limited number of on-premises environments.
– CISA added these flaws to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch within one week.
– Approximately 2,000 N-central instances are currently exposed online, with most vulnerable servers located in the U.S., Canada, and the Netherlands.
More than 800 N-able N-central servers remain vulnerable to two critical security flaws that are currently being exploited in the wild. These vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, allow authenticated attackers to inject and execute arbitrary commands on unpatched systems. N-central is widely used by managed service providers and IT teams for centralized monitoring and management of networks and devices.
The first vulnerability stems from improper input sanitization, while the second involves insecure deserialization. Both issues have been addressed in the N-central 2025.3.1 update, which the vendor strongly urges all on-premises customers to install immediately. Although exploitation has so far been limited to a small number of on-premises setups, the absence of evidence regarding cloud-based attacks offers little comfort to those still exposed.
According to the Shadowserver Foundation, approximately 880 vulnerable servers are still detectable online, concentrated in the United States, Canada, and the Netherlands. While only indicative, that figure represents a significant share of the roughly 2,000 N-central instances currently reachable over the internet.
In response to active threats, the Cybersecurity and Infrastructure Security Agency (CISA) has added both flaws to its Known Exploited Vulnerabilities Catalog. Federal agencies have been directed to apply patches by August 20, in compliance with Binding Operational Directive 22-01. Although the mandate applies specifically to federal civilian executive branch agencies, CISA encourages all organizations to review their systems and apply available mitigations without delay.
The agency emphasized that such vulnerabilities represent common entry points for malicious actors and pose serious risks to organizational security. Organizations still running outdated versions should prioritize upgrading or consider discontinuing use of the product if patching is not feasible.
(Source: Bleeping Computer)