CISA Adds Two Vulnerabilities in N-able N-central to Its Known Exploited Vulnerabilities Catalog

Aug 14, 2025 | Vulnerability / Network Security

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two security flaws affecting N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog, due to evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform tailored for Managed Service Providers (MSPs) to effectively manage and safeguard their clients’ Windows, Apple, and Linux endpoints from a centralized platform.

The identified vulnerabilities are as follows:

  • CVE-2025-8875 (CVSS score: N/A): An insecure deserialization vulnerability that may allow for command execution.
  • CVE-2025-8876 (CVSS score: N/A): A command injection vulnerability resulting from improper sanitization of user input.

Both issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able is also advising customers to ensure multi-factor authentication (MFA) is enabled, particularly for admin accounts.

CISA Adds Two N-able N-central Vulnerabilities to High-Risk Catalog

On August 14, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of two significant vulnerabilities related to N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that these flaws are currently being exploited in real-world scenarios.

N-able N-central is a widely used Remote Monitoring and Management (RMM) platform aimed at Managed Service Providers (MSPs). It enables users to manage and secure their clients’ endpoints, which encompass Windows, Apple, and Linux systems, from a singular interface. The integration of these critical functionalities has made the platform an attractive target for malicious actors.

The vulnerabilities listed in the KEV catalog are identified as CVE-2025-8875 and CVE-2025-8876. The first vulnerability involves an insecure deserialization flaw that may allow attackers to execute arbitrary commands. The second exposes the system to command injection risks due to inadequate input sanitization. Both issues pose a serious threat to businesses that rely on N-central for their operations.

To mitigate these vulnerabilities, N-able has released updated versions of N-central—specifically, versions 2025.3.1 and 2024.6 HF2—on August 13, 2025. In addition to implementing these updates, N-able strongly recommends that customers activate multi-factor authentication (MFA), especially for administrative accounts, to bolster their defenses against potential intrusions.

The vulnerabilities affect organizations primarily within the United States, revealing a broader issue concerning the security of RMM platforms. Given the attacks’ nature, tactics from the MITRE ATT&CK framework, such as initial access, privilege escalation, and command and control, may have been employed by threat actors. These methods highlight the importance of proactive security measures and adherence to best practices within the realm of cybersecurity.

As the landscape of cyber threats continues to evolve, the inclusion of these vulnerabilities in the KEV catalog underscores the urgency for MSPs and businesses utilizing N-able N-central to take immediate action. Ensuring that all systems are updated and monitoring for suspicious activities should be prioritized to safeguard against potential exploitation. This incident serves as a reminder of the ongoing challenges faced in the realm of cybersecurity, urging companies to remain vigilant in their security practices.

Source link

Related Posts

Russian Group EncryptHub Utilizes MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware

August 16, 2025
Malware / Vulnerability

The cybercriminal organization known as EncryptHub is continuing to take advantage of a recently patched vulnerability in Microsoft Windows to deliver harmful payloads. Trustwave SpiderLabs has reported observing an EncryptHub campaign that combines social engineering tactics with the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also referred to as MSC EvilTwin), initiating the infection process through a malicious Microsoft Console (MSC) file. According to Trustwave researchers Nathaniel Morales and Nikita Kazymirskyi, “These actions are part of a larger, ongoing wave of malicious activity blending social engineering with technical exploitation to circumvent security defenses and gain control of internal networks.” EncryptHub, also recognized as LARVA-208 and Water Gamayun, is a Russian hacking group that first emerged in mid-2024. Operating at a high pace, this financially motivated team is known for using various strategies, including fraudulent job postings…

Leveraging Wazuh for Achieving Regulatory Compliance

Published on: Aug 18, 2025

In industries that manage sensitive data and personally identifiable information (PII), adherence to regulatory compliance standards is critical. This necessity extends to sectors such as healthcare, finance, government contracting, and education. Key compliance frameworks include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • NIST Special Publication 800-53
  • Trust Services Criteria (TSC)
  • Cybersecurity Maturity Model Certification (CMMC)

Importance of Compliance

Meeting compliance requirements is essential for several reasons:

  • Protecting organizations from cybersecurity threats, risks, and data breaches.
  • Establishing effective organizational processes that support continuous compliance.

⚡ Weekly Roundup: NFC Scams, Curly COMrades, N-able Exploits, Docker Vulnerabilities & More

Aug 18, 2025
Cybersecurity / Hacking Insights

Power doesn’t vanish in a single breach; it gradually erodes through overlooked patches, misconfigured settings, and unmonitored systems. Security doesn’t fail in an instant; it declines slowly, then suddenly. Staying safe isn’t about knowing everything—it’s about taking swift, decisive action before issues accumulate. Clarity fosters control, while hesitation breeds risk. Below are this week’s key developments—each highlighting where prompt action is essential.

⚡ Threat of the Week

Ghost Tap NFC Mobile Fraud on the Rise
— A new Android Trojan, PhantomCard, has emerged as the latest malware targeting near-field communication (NFC) to execute relay attacks aimed at defrauding banking customers in Brazil. Users who inadvertently install the malicious app are guided to place their credit/debit card on the back of their phone to initiate verification, only for their card information to be transmitted to an attacker-controlled NFC relay…

Microsoft Windows Flaw Used to Launch PipeMagic RansomExx Malware

Cybersecurity researchers have revealed that threat actors are exploiting a now-patched vulnerability in Microsoft Windows to deploy the PipeMagic malware during RansomExx ransomware attacks. This exploitation hinges on CVE-2025-29824, a privilege escalation vulnerability affecting the Windows Common Log File System (CLFS), which Microsoft addressed in April 2025, according to a report from Kaspersky and BI.ZONE. First identified in 2022, PipeMagic has been utilized in RansomExx attacks targeting industrial sectors in Southeast Asia, functioning as a backdoor that allows remote access and execution of various commands on compromised systems. Past incidents have shown attackers exploiting CVE-2017-0144, a remote code execution vulnerability in Windows SMB, to breach victim networks. Notably, infection chains observed in October 2024 in Saudi Arabia were linked to a fraudulent OpenAI ChatGPT application.