Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers.
There are no public reports of exploitation, but the confirmation came from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaws to its Known Exploited Vulnerabilities catalog and ordered US federal civilian agencies to mitigate them within a week.
About the vulnerabilities (CVE-2025-8875, CVE-2025-8876)
N-able N-central is used by managed service providers (MSPs) and IT teams to keep track of, update, and secure large fleets of endpoints from a central dashboard. It supports a wide range of devices: workstations, servers, mobile devices, and network equipment from various manufacturers like Dell, HP, Cisco and Fortinet.
CVE-2025-8875 is an insecure deserialization vulnerability and CVE-2025-8876 is a command injection vulnerability. They have yet to be assigned a CVSS score, and N-able is only planning to release further details about them three weeks from now.
The only information that the company shared is that the vulnerabilities require attackers to authenticate themselves (i.e., they must have valid account credentials) before being able to exploit them, and that, if the vulnerabilities remain unpatched, “there is a potential risk to the security of [customers’] N-central environment”.
The flaws have been fixed in N-central v2025.3.1 and N-central v2024.6 HF2, which were released on Wednesday, and the company urged customers to upgrade their on-premises installations to one of those versions.
CISA couldn’t confirm that the vulnerabilities are being leveraged in ransomware delivery campaigns, but attackers have been known to compromise solutions used by MSPs to get to their customers’ systems and networks.
UPDATE (August 14, 2025, 10:10 a.m. ET):
N-able has told Help Net Security that the vulnerabilities could allow a threat actor to elevate their privileges and maliciously use N-central.
“Our security investigations have shown evidence of this type of exploitation in a limited number of on-premises environments. We have not seen any evidence of exploitations within N-able hosted cloud environments,” a company spokesperson shared.
“We acted quickly to release a hotfix to address these vulnerabilities, which we have communicated to all N-central customers. Our commitment to security and transparency will continue; we have reserved two CVEs (CVE-2025-8875, CVE-2025-8876) that relate to this hotfix which we will release in the coming weeks. We’ll update customers with any additional information that becomes available as our investigation continues into this matter.”