Cyber Resilience

CVE-2025-11366

Severity: Critical

Published: 12 November 2025
Modified: 14 November 2025
KEV Added: not listed
Patch: N-central 2025.4 or later
CVSS Score (v4): 9.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0018 (38.9th percentile)
Risk Priority: 19 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-11366 is a critical-severity Path Traversal (CWE-22) vulnerability in N-Able N-Central. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks this CVE at the 38.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-11366 is a critical authentication bypass vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting N-central versions prior to 2025.4. The issue stems from path traversal (CWE-22), enabling attackers to circumvent authentication mechanisms by manipulating file paths in requests.

Remote attackers with network access can exploit this vulnerability without authentication privileges or user interaction. Successful exploitation provides high-impact access, allowing unauthorized disclosure of sensitive data (C:H), modification of systems or data (I:H), and disruption of services (A:H).

The N-able security advisory at https://me.n-able.com/s/security-advisory/aArVy0000000rcDKAQ/cve202511366-ncentral-authentication-bypass-via-path-traversal provides details on mitigation, including upgrading to N-central 2025.4 or later to address the path traversal flaw.

Vulnerability details

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a path traversal flaw in a network-accessible application (N-central RMM) enabling remote authentication bypass without privileges, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-11367 (same product: N-Able N-Central)
CVE-2025-8876 (same product: N-Able N-Central)
CVE-2025-8875 (same product: N-Able N-Central)
CVE-2025-64075 (shared CWE-22)
CVE-2024-53537 (shared CWE-22)
CVE-2024-36512 (shared CWE-22)
CVE-2025-0493 (shared CWE-22)
CVE-2025-70231 (shared CWE-22)
CVE-2026-43888 (shared CWE-22)
CVE-2025-15031 (shared CWE-22)

Affected Assets

n-able
n-central
≤ 2025.4

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent): Directly mitigates the CVE by requiring timely remediation of the path traversal flaw through patching or upgrading to N-central 2025.4.

SI-10 Information Input Validation (prevent): Prevents authentication bypass via path traversal by enforcing validation of manipulated file path inputs in requests.

Logical access control (prevent): Enforces logical access controls to limit unauthorized access even if path traversal partially succeeds in bypassing authentication.
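The SI-10 control above asks for validation of request-supplied file paths. The following is an added example, not code from N-able, N-central or the advisory, of what such a guard looks like in general for CWE-22: every request path is decoded, canonicalised and confined to a document root before any file is opened. The page does not describe the specific N-central request that triggers the flaw, so the check is generic; the root directory `/srv/www-root` and the request paths in the usage block are constructed sample values.

```python
"""Generic CWE-22 guard (added example, not N-able's code): canonicalise a
request path under a fixed root and reject anything that escapes it.
The root and request paths used here are constructed sample values."""
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a request path would resolve outside the permitted root."""


def safe_resolve(root: str, request_path: str) -> Path:
    """Return the canonical on-disk path for request_path, or raise.

    The naive form ``Path(root) / request_path`` is what this replaces: it
    follows ``..`` segments out of root and, for an absolute request path,
    discards root entirely.
    """
    # Decode twice so a double-encoded sequence such as %252e%252e is seen
    # in the form the file system would eventually receive.
    decoded = unquote(unquote(request_path))
    # NUL bytes truncate paths in many C runtimes; refuse them outright.
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in request path")
    # Treat backslashes as separators so a Windows-style ..\ is not missed.
    decoded = decoded.replace("\\", "/")
    # An absolute request path must still be interpreted relative to root.
    relative = decoded.lstrip("/")
    root_path = Path(root).resolve()
    candidate = (root_path / relative).resolve()
    # The canonical candidate must lie inside the canonical root. A legitimate
    # "static/../index.html" passes; "../../etc/passwd" does not.
    try:
        candidate.relative_to(root_path)
    except ValueError as exc:
        raise PathTraversalError(f"path escapes root: {request_path!r}") from exc
    return candidate


def is_safe(root: str, request_path: str) -> bool:
    """Boolean wrapper for logging or filtering at a request boundary."""
    try:
        safe_resolve(root, request_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests against a constructed root.
    root = "/srv/www-root"
    for p in [
        "static/app.js",
        "static/../index.html",
        "/static/app.js",
        "../../etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e%252fetc%252fpasswd",
        "..\\..\\windows\\win.ini",
        "ok%00../../etc/passwd",
    ]:
        print(f"{p!r:40} -> {'allow' if is_safe(root, p) else 'REJECT'}")
```

The check relies on canonicalisation followed by a containment test rather than on a denylist of `..` strings, so encoded, doubled and backslash variants are all handled by the same comparison; a symlink inside the root that points outside it would still need `resolve()` to be run on the existing filesystem, which the containment test above does cover once the path exists.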
