🔴 CVE-2025-8876

CVE-2025-8876 is a critical OS command injection vulnerability in the N-able N-central RMM platform that allows authenticated attackers to execute arbitrary commands. CISA has confirmed active exploitation in the wild, and the vulnerability affects internet-facing management platforms used by MSPs.

Risk Level: HIGH_RISK

CVSS Score: 9.4

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-14

Added to CISA KEV: 2025-08-13 (0 DAY BETWEEN CVE AND KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

Here's what is known about the CVE-2025-8876 vulnerability:

  • Affected Applications/Services: CVE-2025-8876 affects N-able N-central, a remote monitoring and management (RMM) platform [1]. It is likely to affect internet-facing instances [2].
  • Active Exploitation: CISA reported awareness of active exploitation of CVE-2025-8876 in N-able N-central on the same day the patches were released [3][4].
  • Attack Vectors/Exploitation Methods:
      * CVE-2025-8876 is a command injection vulnerability [5].
      * It stems from improper input validation [6][7] and can be exploited by authenticated attackers [6].
      * Successful exploitation allows attackers to inject and execute commands on unpatched devices [6].
  • Targeted Attacks: There is no explicit mention of "targeted attacks" specifically for CVE-2025-8876 [8].
  • CISA KEV Status: CVE-2025-8876 is listed in CISA's Known Exploited Vulnerabilities Catalog [8][9].
  • Technical Details: The vulnerability is due to improper input sanitization and insecure deserialization [6]. Exploitation requires authenticated access [6].

Sources

  1. Vulnerabilities in MSP-friendly RMM solution

    Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in the N-able N-central RMM platform are being exploited by attackers, according to CISA.

  2. Critical flaw gives attackers control of vulnerable

    ... prioritize patching internet-facing systems ... Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)…

  3. CISA Warns of Attacks Exploiting N-able Vulnerabilities

    CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.

  4. Vulnerabilities Archives - SecurityWeek

    Vulnerabilities. Apple Patches Zero-Day Exploited in Targeted Attacks. CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.

  5. Hundreds of N-able N-central Instances Affected by Exploited...

    The security defects, tracked as CVE-2025-8875 and CVE-2025-8876, are described as an insecure deserialization issue and a command injection bug, respectively. The flaws were disclosed on August 13, when N-able announced that patches for them were included in version 2025.3 of its...