A critical cybersecurity alert has been issued after it was discovered that hundreds of N-able N-central instances are vulnerable to two actively exploited security flaws. The vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, are being leveraged by malicious actors, posing a significant threat to Managed Service Providers (MSPs) and their clients. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both flaws to its Known Exploited Vulnerabilities (KEV) Catalog, urging immediate action.
These vulnerabilities are described as an insecure deserialization issue and a command injection bug. While they require a form of authentication to be exploited, once an attacker has compromised credentials—potentially through phishing—they can execute arbitrary code, elevate their privileges, and gain control over the affected systems. Since N-able N-central is a widely used remote monitoring and management (RMM) tool, a successful attack can have a domino effect, potentially compromising the networks of all the clients that an MSP manages. This makes it a high-value target for threat actors.
N-able has acknowledged the exploitation in a “limited number” of on-premises environments and has released patches to address the issues in version 2025.3.1. However, data from The Shadowserver Foundation indicates that as of August 17, 2025, more than 870 internet-exposed instances remain unpatched. The majority of these vulnerable deployments are located in the United States, with Canada, the Netherlands, Australia, and the UK also having a significant number of affected instances.
CISA’s inclusion of these vulnerabilities in its KEV Catalog mandates that all federal agencies must patch their systems by August 20, 2025. While this directive doesn’t apply to the private sector, CISA strongly recommends that all organizations with on-premises N-able N-central deployments apply the update immediately. The vendor has stated it will release more technical details about the vulnerabilities in the coming weeks to give customers time to remediate their systems. This incident highlights the ongoing risk of supply chain attacks that target MSPs and other IT management platforms.
