N-able security patch release for CVE-2025-8875
Security Patch Release
Summary
Hide ▲
Show ▼
N-able released N-central 2025.3.1 and 2024.6 HF2 on August 13, 2025, fixing CVE-2025-8875 and CVE-2025-8876 for on-premises customers. The update closes an insecure deserialization flaw and a command injection flaw that could enable command execution in affected environments. N-able also told administrators to enable MFA, especially for admin accounts. Because the flaws were placed in CISA's KEV catalog with evidence of active exploitation, the patch is time-sensitive.
Related Happenings
MongoDB Server security update for CVE-2025-14847
Security Patch Release
First: 28.12.2025 22:38
Last: 28.12.2025 22:38
Sources 1
About this happening:
MongoDB released **safe versions** for **CVE-2025-14847 (MongoBleed)**, a flaw that is **actively exploited in the wild** and can expose secrets from **MongoDB Server** instances....
MongoDB Server security update for CVE-2025-14847
Security Patch ReleaseAbout this happening: MongoDB released **safe versions** for **CVE-2025-14847 (MongoBleed)**, a flaw that is **actively exploited in the wild** and can expose secrets from **MongoDB Server** instances....
LangChain Core security patch release (CVE-2025-68664)
Security Patch Release
First: 26.12.2025 11:27
Last: 26.12.2025 11:27
Sources 1
About this happening:
**LangChain** released a **security patch** for **langchain-core** that reduces the risk of **secret theft** and **prompt injection** from **CVE-2025-68664**. The fix adds an **al...
LangChain Core security patch release (CVE-2025-68664)
Security Patch ReleaseAbout this happening: **LangChain** released a **security patch** for **langchain-core** that reduces the risk of **secret theft** and **prompt injection** from **CVE-2025-68664**. The fix adds an **al...
MongoDB Server CVE-2025-14847 mitigation advisory
Advisory/Mitigation
First: 24.12.2025 16:18
Last: 24.12.2025 16:18
Sources 1
About this happening:
MongoDB issued an **immediate mitigation advisory** for **CVE-2025-14847**, warning that **MongoDB Server** deployments face a **high-severity memory-read flaw** that **unauthenti...
MongoDB Server CVE-2025-14847 mitigation advisory
Advisory/MitigationAbout this happening: MongoDB issued an **immediate mitigation advisory** for **CVE-2025-14847**, warning that **MongoDB Server** deployments face a **high-severity memory-read flaw** that **unauthenti...
N8n security patch for CVE-2025-68613
Security Patch Release
First: 23.12.2025 09:34
Last: 23.12.2025 09:34
Sources 1
About this happening:
n8n released fixes for **CVE-2025-68613**, a **critical** flaw in its workflow automation platform that could allow **arbitrary code execution**. The update covers **versions >= 0...
N8n security patch for CVE-2025-68613
Security Patch ReleaseAbout this happening: n8n released fixes for **CVE-2025-68613**, a **critical** flaw in its workflow automation platform that could allow **arbitrary code execution**. The update covers **versions >= 0...
CISA KEV listing for ASUS Live Update and FCEB cutoff
Public Sector Action
First: 18.12.2025 07:01
Last: 18.12.2025 07:01
Sources 1
About this happening:
**CISA** added **ASUS Live Update** to its **KEV catalog** after evidence of **active exploitation**, making **CVE-2025-59374** a federal remediation priority. The agency told **F...
CISA KEV listing for ASUS Live Update and FCEB cutoff
Public Sector ActionAbout this happening: **CISA** added **ASUS Live Update** to its **KEV catalog** after evidence of **active exploitation**, making **CVE-2025-59374** a federal remediation priority. The agency told **F...
Latest development: 18.12.2025 15:27
CISA added CVE-2025-59374 to its Known Exploited Vulnerabilities (KEV) catalog and warned federal agencies to stop using Asus Live Update, a now-discontinued utility linked to a supply-chain backdoor.
Timeline
-
14.08.2025 07:02 1 articles · 9mo ago
N-able releases N-central fixes for CVE-2025-8875 and CVE-2025-8876
Mitigation Patch UpdateN-able released N-central versions 2025.3.1 and 2024.6 HF2 to address CVE-2025-8875, an insecure deserialization flaw that could lead to command execution, and CVE-2025-8876, a command injection flaw via improper sanitization of user input. The vendor also urged customers to enable multi-factor authentication (MFA), especially for admin accounts, and to upgrade on-premises N-central systems to 2025.3.1.
Show sources
- CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog — thehackernews.com — 14.08.2025 07:02
-
14.08.2025 07:02 2 articles · 9mo ago
CISA lists N-able N-central flaws in the KEV catalog after active exploitation
Initial DisclosureCISA added CVE-2025-8875 and CVE-2025-8876 affecting N-able N-central to the Known Exploited Vulnerabilities (KEV) catalog after citing evidence of active exploitation. N-able said the authenticated flaws were fixed in N-central 2025.3.1 and 2024.6 HF2 and warned customers to enable MFA, especially for admin accounts, while FCEB agencies were told to apply the necessary fixes by August 20, 2025.
Show sources
- CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog — thehackernews.com — 14.08.2025 07:02
- CISA Warns N-able Bugs Under Attack, Patch Now — www.darkreading.com — 14.08.2025 21:58
-
14.08.2025 07:02 2 articles · 9mo ago
CISA lists N-able N-central flaws in the KEV catalog after active exploitation
Initial DisclosureCISA added CVE-2025-8875 and CVE-2025-8876 affecting N-able N-central to the Known Exploited Vulnerabilities (KEV) catalog after citing evidence of active exploitation. N-able said the authenticated flaws were fixed in N-central 2025.3.1 and 2024.6 HF2 and warned customers to enable MFA, especially for admin accounts, while FCEB agencies were told to apply the necessary fixes by August 20, 2025.
Show sources
- CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog — thehackernews.com — 14.08.2025 07:02
- CISA Warns N-able Bugs Under Attack, Patch Now — www.darkreading.com — 14.08.2025 21:58