Data from The Shadowserver Foundation shows that over 870 internet-exposed N-able N-central instances are running vulnerable software versions.
These vulnerabilities, tracked as CVE-2025-8875 and CVE-2025-8876, are described as an insecure deserialization and a command injection bug. N-able disclosed the flaws and released a patch in version 2025.3 of its remote monitoring and management product on August 13.
On the same day, the U.S. cybersecurity agency CISA added both vulnerabilities to its Known Exploited Vulnerabilities catalog, instructing federal agencies to apply the patch by August 20. N-able stated it has no evidence of exploitation in its cloud environments. The timing of the disclosure and CISA's alert suggests the flaws may have been exploited as zero-days.
The Shadowserver Foundation began tracking affected N-central instances and found 1,077 unpatched IPs on August 15. As of August 17, this number was over 870. Most of the vulnerable deployments are in the U.S., followed by Canada, the Netherlands, Australia, and the UK. N-central is an IT management tool used by Managed Service Providers (MSPs), and a compromise could allow hackers to access the environments of their customers.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
