CVE-2025-8876 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

N-able N-Central Command Injection Vulnerability

Exploit added

August 13, 2025

Action due

August 20, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

References

https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/

Weakness Enumeration

CWE-ID	CWE Name
CWE-20	Improper Input Validation
CWE-78	Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Known Affected Software Configurations

cpe:2.3:a:n-able:n-central:2024.1:::::::*
cpe:2.3:a:n-able:n-central:2024.2:::::::*
cpe:2.3:a:n-able:n-central:2024.3:::::::*
cpe:2.3:a:n-able:n-central:2024.4:::::::*
cpe:2.3:a:n-able:n-central:2024.6:-::::::
cpe:2.3:a:n-able:n-central:2024.6:hotfix1::::::
cpe:2.3:a:n-able:n-central:2024.6:hotfix2::::::
cpe:2.3:a:n-able:n-central:2025.1:-::::::
cpe:2.3:a:n-able:n-central:2025.1:hotfix1::::::
cpe:2.3:a:n-able:n-central:2025.2.1:::::::*
cpe:2.3:a:n-able:n-central:2025.2:::::::*
cpe:2.3:a:n-able:n-central:2025.3:::::::*
cpe:2.3:a:n-able:n-central:2023.6:::::::*
cpe:2.3:a:n-able:n-central:2023.7:::::::*
cpe:2.3:a:n-able:n-central:-:::::::*
cpe:2.3:a:n-able:n-central:2023.4:::::::*

Details

Source:
NVD

Published:
August 14, 2025

Updated:
August 15, 2025

Risk information

CVSS v3

Base score:
8.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined