CVE-2025-8876 is a critical OS command injection vulnerability in N-able N-central RMM platform that allows authenticated attackers to execute arbitrary commands. CISA has confirmed active exploitation in the wild, and the vulnerability affects internet-facing management platforms used by MSPs.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-08-14
Added to CISA KEV: 2025-08-13 0 DAY BETWEEN CVE AND KEV
Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in the N-able N-central RMM platform are being exploited by attackers, according to CISA.
... prioritize patching internet-facing systems ... Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.
Vulnerabilities. Apple Patches Zero-Day Exploited in Targeted Attacks.CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.
The security defects, tracked as CVE-2025-8875 and CVE-2025-8876, are described as an insecure deserialization issue and a command injection bug, respectively. The flaws were disclosed on August 13, when N-able announced that patches for them were included in version 2025.3 of its...