Home

Description

N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

PUBLISHED Reserved 2025-08-21 | Published 2025-11-12 | Updated 2025-11-12 | Assigner N-able




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1284 Improper Validation of Specified Quantity in Input

Product status

Default status
unaffected

Any version before 2025.4
affected

References

me.n-able.com/...entral-unauthenticated-sessionid-generation

cve.org (CVE-2025-9316)

nvd.nist.gov (CVE-2025-9316)

Download JSON