Home

Description

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

PUBLISHED Reserved 2025-08-11 | Published 2025-08-14 | Updated 2025-08-14 | Assigner N-able




CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA Known Exploited Vulnerability

Date added 2025-08-13 | Due date 2025-08-20

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version before 2025.3.1
affected

References

status.n-able.com/...nnouncing-the-ga-of-n-central-2025-3-1/

cve.org (CVE-2025-8876)

nvd.nist.gov (CVE-2025-8876)

Download JSON