N-able N-central authenticated command-execution flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
CISA added CVE-2025-8875 and CVE-2025-8876 in N-able N-central to the KEV catalog, signaling active exploitation of authentication-required flaws that could enable command execution in on-premises environments. N-able said the issues were fixed in 2025.3.1 and 2024.6 HF2 on August 13, 2025. The vendor also urged customers to upgrade on-premises systems and enable MFA, especially for admin accounts.
Related Happenings
CISA KEV addition for Sierra Wireless ALEOS routers
Public Sector Action
First: 13.12.2025 14:33
Last: 13.12.2025 14:33
Sources 1
About this happening:
**CISA** added **CVE-2018-4063** to its **KEV catalog**, putting **Sierra Wireless AirLink ALEOS routers** under federal remediation pressure after reports of **active exploitatio...
CISA KEV addition for Sierra Wireless ALEOS routers
Public Sector ActionAbout this happening: **CISA** added **CVE-2018-4063** to its **KEV catalog**, putting **Sierra Wireless AirLink ALEOS routers** under federal remediation pressure after reports of **active exploitatio...
CISA KEV listing and federal deadline for React2Shell
Public Sector Action
First: 06.12.2025 13:40
Last: 06.12.2025 13:40
Sources 1
About this happening:
CISA added **CVE-2025-55182** to the **KEV catalog** after reports of **active exploitation** of **React Server Components**. The listing turns the **React2Shell** flaw into a fed...
CISA KEV listing and federal deadline for React2Shell
Public Sector ActionAbout this happening: CISA added **CVE-2025-55182** to the **KEV catalog** after reports of **active exploitation** of **React Server Components**. The listing turns the **React2Shell** flaw into a fed...
Cybersecurity and Infrastructure Security Agency Emergency Directive 26-01 Mandated agencies apply the latest vendor update for at-risk F5 products for Federal Civilian Executive
Public Sector Action
First: 15.10.2025 15:00
Last: 15.10.2025 15:00
Sources 1
About this happening:
**CISA** issued **Emergency Directive 26-01** after identifying a significant cyber threat to federal networks using certain **F5** devices and software. The directive requires **...
Cybersecurity and Infrastructure Security Agency Emergency Directive 26-01 Mandated agencies apply the latest vendor update for at-risk F5 products for Federal Civilian Executive
Public Sector ActionAbout this happening: **CISA** issued **Emergency Directive 26-01** after identifying a significant cyber threat to federal networks using certain **F5** devices and software. The directive requires **...
CISA adds CVE-2025-5086 to KEV catalog
Public Sector Action
First: 12.09.2025 14:03
Last: 12.09.2025 14:03
Sources 1
About this happening:
**CISA** added **CVE-2025-5086** affecting **Dassault Systèmes DELMIA Apriso MOM** to its **Known Exploited Vulnerabilities (KEV) catalog**, formalizing the flaw as an actively ex...
CISA adds CVE-2025-5086 to KEV catalog
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-5086** affecting **Dassault Systèmes DELMIA Apriso MOM** to its **Known Exploited Vulnerabilities (KEV) catalog**, formalizing the flaw as an actively ex...
Latest development: 12.09.2025 19:19
Dassault Systèmes disclosed a deserialization of untrusted data vulnerability in DELMIA Apriso that can lead to remote code execution, affecting Release 2020 through Release 2025.
Microsoft enforces tenant-wide MFA for Azure Portal sign-ins
Security Tool/Service
First: 05.09.2025 22:32
Last: 05.09.2025 22:32
Sources 1
About this happening:
Microsoft has enforced **multifactor authentication (MFA)** for **Azure Portal sign-ins** across **100% of Azure tenants**, tightening admin access control and reducing takeover r...
Microsoft enforces tenant-wide MFA for Azure Portal sign-ins
Security Tool/ServiceAbout this happening: Microsoft has enforced **multifactor authentication (MFA)** for **Azure Portal sign-ins** across **100% of Azure tenants**, tightening admin access control and reducing takeover r...
Timeline
-
14.08.2025 07:02 1 articles · 9mo ago
N-able releases fixes for N-central flaws
Mitigation Patch UpdateN-able released N-central versions 2025.3.1 and 2024.6 HF2 to address CVE-2025-8875, an insecure deserialization issue that could lead to command execution, and CVE-2025-8876, a command injection issue tied to improper sanitization of user input. The vendor also urged customers to enable multi-factor authentication, especially for admin accounts, and to upgrade on-premises N-central to 2025.3.1.
Show sources
- CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog — thehackernews.com — 14.08.2025 07:02
-
14.08.2025 07:02 2 articles · 9mo ago
CISA adds N-able N-central flaws to KEV catalog
Legal Policy Action UpdateCISA added CVE-2025-8875 and CVE-2025-8876 affecting N-able N-central to the Known Exploited Vulnerabilities catalog after citing active exploitation. N-able said its investigations found this type of exploitation in a limited number of on-premises environments, saw no evidence of exploitation in N-able hosted cloud environments, and warned that Federal Civilian Executive Branch agencies should apply the necessary fixes by August 20, 2025.
Show sources
- CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog — thehackernews.com — 14.08.2025 07:02
- CISA Warns N-able Bugs Under Attack, Patch Now — www.darkreading.com — 14.08.2025 21:58
-
14.08.2025 07:02 2 articles · 9mo ago
CISA adds N-able N-central flaws to KEV catalog
Legal Policy Action UpdateCISA added CVE-2025-8875 and CVE-2025-8876 affecting N-able N-central to the Known Exploited Vulnerabilities catalog after citing active exploitation. N-able said its investigations found this type of exploitation in a limited number of on-premises environments, saw no evidence of exploitation in N-able hosted cloud environments, and warned that Federal Civilian Executive Branch agencies should apply the necessary fixes by August 20, 2025.
Show sources
- CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog — thehackernews.com — 14.08.2025 07:02
- CISA Warns N-able Bugs Under Attack, Patch Now — www.darkreading.com — 14.08.2025 21:58