CVE-2025-8875

Insecure Deserialization Vulnerability

CVSS 9.4 CRITICAL · EPSS 1.6% · KEV · CWE-502

In short

N-able N-central has a critical flaw where it unsafely processes data from untrusted sources, allowing an attacker with local access to run malicious code on the system. This could give attackers complete control over the affected computer.

Technical detail

The vulnerability stems from insecure deserialization (CWE-502) of untrusted data in N-able N-central versions before 2025.3.1, enabling arbitrary code execution through crafted serialized objects accessible to local users. Exploitation requires local access and results in arbitrary code execution with system privileges.

Summary generated and translated by AI from the official description.
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
N-able · N-central
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
