CVE-2025-8876
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-8876. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
Available Exploits
Related News
Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitation, but the …
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876 N-able N-central C…
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (4.0)
Data provided by ENISA EU Vulnerability Database. Last updated: August 14, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: August 14, 2025, Modified: August 15, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🔥 Top 10 Trending CVEs (22/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-54336](https://nvd.nist.gov/vuln/detail/CVE-2025-54336)** - 📝 In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is 0e followed by any digit string, then an attacker can login with any …
🔥 Top 10 Trending CVEs (19/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-42057](https://nvd.nist.gov/vuln/detail/CVE-2024-42057)** - 📝 A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, …
CyberDudeBivash Global Cybersecurity Brief — last 24 hours Timestamp: Tue, Aug 19, 2025 • 09:54 IST https://preview.redd.it/nddynfeolwjf1.png?width=1536&format=png&auto=webp&s=0c7e274c89f68f7a273cb8e69fd9c63a483498e0 # 1) Workday confirms CRM breach (part of ongoing Salesforce-targeting wave) **What happened:** Workday disclosed a **social-engineering** intrusion against a third-party CRM (Salesforce) that exposed business contact data; no access to customer tenants. …
Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities Over 870 N-able N-central instances remain unpatched against critical vulnerabilities CVE-2025-8875 and CVE-2025-8876, exposing managed service providers to significant security risks despite patches issued in August - https://www.securityweek.com/hundreds-of-n-able-n-central-instances-affected-by-exploited-vulnerabilities/
CISA Alerts Companies of Active Exploits in N-able's Remote Management Tool **CISA warns that unpatched vulnerabilities in N-able's N-central product are being actively exploited by attackers.** **Key Points:** - CISA identified two vulnerabilities in N-able's N-central that require authentication to exploit. - The vulnerabilities, CVE-2025-8875 and CVE-2025-8876, address insecure deserialization …