Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA orders FCEB patching for N-able flaws

Public Sector Action
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered Federal Civilian Executive Branch (FCEB) agencies to patch N-able N-central systems within one week, escalating mandatory remediation for U.S. federal civilian networks facing actively exploited flaws. The directive covers agencies including DHS, Treasury, and Energy, and it sets a deadline of August 20, 2025 under BOD 22-01. The order matters because the bugs can enable command injection and command execution on unpatched devices.

Related Happenings

CISA orders FCEB patching for MongoBleed

Public Sector Action
First: 30.12.2025 16:40 Last: 30.12.2025 16:40 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to patch **CVE-2025-14847** after confirming it was **actively exploited** in attacks, creating an urgent remediation requirement for federal sy...

Open Happening

CISA orders federal agencies to secure WatchGuard Firebox devices

Public Sector Action
First: 19.12.2025 12:25 Last: 19.12.2025 12:25 Sources 1

About this happening: **CISA** ordered federal agencies to secure **WatchGuard Firebox** firewalls after tagging **CVE-2025-14733** as **actively exploited in the wild**, raising urgency for exposed fe...

Open Happening

CISA orders FCEB GeoServer patching

Public Sector Action
First: 12.12.2025 11:48 Last: 12.12.2025 11:48 Sources 1

About this happening: CISA added **CVE-2025-58360** to its **KEV Catalog** and ordered **FCEB agencies** to patch **GeoServer** by **January 1st, 2026**, tightening federal exposure to an **actively ex...

Open Happening

CISA emergency patch deadline for React2Shell

Public Sector Action
First: 12.12.2025 10:41 Last: 12.12.2025 10:41 Sources 1

About this happening: **CISA** urged **federal agencies** to patch **React2Shell** by **December 12, 2025**, tightening the remediation window while **widespread exploitation** is underway. The directi...

Open Happening

CISA KEV mandate for CVE-2025-62221

Public Sector Action
First: 10.12.2025 10:50 Last: 10.12.2025 10:50 Sources 1

About this happening: **CISA** added **CVE-2025-62221** to the **KEV catalog**, forcing **Federal Civilian Executive Branch (FCEB)** agencies to patch by **December 30, 2025** because the flaw is **act...

Open Happening

Timeline

  1. 18.08.2025 19:06 1 articles · 9mo ago

    CISA orders FCEB patching for N-able N-central flaws

    Legal Policy Action Update

    CISA added CVE-2025-8875 and CVE-2025-8876 to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies, including the Department of Homeland Security, the Department of the Treasury, and the Department of Energy, to patch affected N-able N-central systems within one week, by August 20, under Binding Operational Directive 22-01.

    Show sources
    Open in new tab
  2. 18.08.2025 19:06 1 articles · 9mo ago

    N-able confirms active exploitation of N-central flaws

    Initial Disclosure

    N-able said CVE-2025-8875 and CVE-2025-8876 are under active exploitation in a limited number of on-premises environments, stated that N-central 2025.3.1 patches the flaws, and said it has not seen exploitation in N-able hosted cloud environments. Shadowserver Foundation was tracking 880 vulnerable N-central servers, most of them in the United States, Canada, and the Netherlands, while Shodan showed about 2,000 exposed N-central instances.

    Show sources
    Open in new tab