🔴 CVE-2025-8875

Critical deserialization vulnerability in N-able N-central allows remote code execution with low privileges over network. This is actively exploited according to CISA KEV listing. N-central is commonly deployed as an internet-facing server for MSP remote management services.

← Back to Overview
HIGH_RISK
Risk Level
9.4
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-14

Added to CISA KEV: 2025-08-13 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-8875 is a critical security vulnerability affecting N-able N-central, a widely used Remote Monitoring and Management (RMM) solution popular among Managed Service Providers (MSPs) [1].

Below is a summary of the known details regarding this vulnerability:

Vulnerability Overview
  • Type: Insecure Deserialization of Untrusted Data [2].
  • Impact: Successful exploitation allows for the execution of code on the affected system [2].
  • Affected Versions: N-able N-central versions prior to 2025.3.1 [2].
Exploitation and Threat Landscape
  • Active Exploitation: The vulnerability has been confirmed as being actively exploited in the wild [3].
  • CISA KEV Catalog: Due to evidence of active exploitation, CISA added CVE-2025-8875 to its Known Exploited Vulnerabilities (KEV) Catalog on August 13, 2025 [3].
  • Ransomware/Targeted Attacks: While CISA notes that these types of vulnerabilities are frequent attack vectors for malicious actors, specific attribution to a particular ransomware campaign or targeted threat actor group has not been publicly detailed in the available reports. However, because N-central is an RMM tool used to manage many downstream client networks, it is a high-value target for attackers seeking to gain broad, unauthorized access to multiple environments simultaneously [1].
Exploitation Requirements and Access
  • Method: The vulnerability is classified as an insecure deserialization flaw. While the NVD description mentions "Local Execution of Code," the context of it being an RMM vulnerability often implies that it can be leveraged by attackers to gain a foothold on the management server, which can then be used to push malicious payloads to all managed endpoints.
  • User Interaction: Specific requirements regarding user interaction or network positioning (remote vs. local) are not explicitly detailed in the initial advisories, but RMM vulnerabilities are typically prioritized because they often allow for remote, unauthenticated, or low-privilege access that leads to full system compromise.
Mitigation and Patch Status
  • Patch Status: Users are urged to update to N-central version 2025.3.1 or later to remediate the issue [2].
  • Guidance: Organizations should follow vendor-provided mitigation instructions. For federal agencies and organizations following CISA guidance, compliance with BOD 22-01 (which mandates the remediation of vulnerabilities in the KEV catalog) is required [4].
*Note: CVE-2025-8875 is often discussed alongside CVE-2025-8876, a command injection vulnerability in the same product, which was also exploited in the wild [1].*

Sources

  1. N-able N-central vulnerabilities CVE-2025-8875 CVE-2025-8876

    CVE-2025-8875 is an insecure deserialization vulnerability and CVE-2025-8876 a command injection vulnerability. They have yet to be assigned a ... Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that ’ s popular with manage…

  2. CVE-2025-8875 Detail - NVD

    Description. Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1. ... CVE-2025-8875 Detail Description Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This…

  3. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability. CVE-2025-8876 N-able N-central Command Injection Vulnerability. These types of vulnerabilities…

  4. Known Exploited Vulnerabilities Catalog | CISA

    CVE-2025-48595. Android Framework Integer Overflow Vulnerability: Android Framework contains an integer overflow vulnerability that allows for code execution ... N-able N-Central Insecure Deserialization Vulnerability: N-able N-Central contains an insecure deserialization vulnerability that could le…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed