CVE-2025-8876: N-able N-Central Command Injection Vulnerability

CVE ID

CVE-2025-8876

Vulnerability Name

N-able N-Central Command Injection Vulnerability

• Project: N-able
• Product: N-Central

Date

• Date Added: 2025-08-13
• Due Date: 2025-08-20

Description

N-able N-Central contains a command injection vulnerability via improper sanitization of user input.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876

Related Security News

• Over 800 N-able servers left unpatched against critical flaws
• Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
• CISA warns of N-able N-central flaws exploited in zero-day attacks
• CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List