Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers.
There are no public reports of exploitation, but the confirmation came from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaws to its Known Exploited Vulnerabilities catalog and ordered US federal civilian agencies to mitigate them within a week.
About the vulnerabilities (CVE-2025-8875, CVE-2025-8876)
N-able N-central is used by managed service providers (MSPs) and IT teams to keep track of, update, and secure large fleets of endpoints from a central dashboard. It supports a wide range of devices: workstations, servers, mobile devices, and network equipment from various manufacturers like Dell, HP, Cisco and Fortinet.
CVE-2025-8875 is an insecure deserialization vulnerability and CVE-2025-8876 a command injection vulnerability. They have yet to be assigned a CVSS score, and N-able is only planning to release further details about them three weeks from now.
The only information that the company shared is that the vulnerabilities require attackers to authenticate themselves (i.e., they must have valid account credentials) before being able to exploit them, and that, if the vulnerabilities remain unpatched, “there is a potential risk to the security of [customers’] N-central environment”.
The flaws have been fixed in N-central v2025.3.1 and N-central v2024.6 HF2, which were released on Wednesday, and the company urged customers to upgrade their on-premises installations to one of those versions.
CISA couldn’t confirm that the vulnerabilities are being leveraged in ransomware campaigns, but attackers have been known to compromise solutions used by MSPs to get to their customers’ systems and networks.