The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk flaws in N-able N-central, CVE-2025-8875 (deserialization) and CVE-2025-8876 (command injection), to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation.
Both vulnerabilities require authentication but pose serious risks to unpatched systems, potentially allowing attackers to execute arbitrary code or commands. N-able has released version 2025.3.1 to address the issues and urges immediate upgrades, especially for on-premises deployments.
To mitigate risks, Multi-Factor Authentication (MFA) must be enforced across all N-able products, particularly for admin accounts.
The 2025.3.1 update also introduces:
- Expanded audit logging for better traceability
- Device Management API improvements
- Preview asset tagging features for better organization
- Bug fixes improving remote support, task scheduling, and asset mapping
N-able is also working toward CMMC Level 2 compliance for partners handling sensitive federal contracts.