Cyber Posture

CVE-2025-11366

Critical

Published: 12 November 2025

Published
12 November 2025
Modified
14 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11366 is a critical-severity Path Traversal (CWE-22) vulnerability in N-Able N-Central. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the CVE by requiring timely remediation of the path traversal flaw through patching or upgrading to N-central 2025.4.

SI-10 Information Input Validation good match
prevent

Prevents authentication bypass via path traversal by enforcing validation of manipulated file path inputs in requests.

AC-3 Access Enforcement partial match
prevent

Enforces logical access controls to limit unauthorized access even if path traversal partially succeeds in bypassing authentication.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability is a path traversal flaw in a network-accessible application (N-central RMM) enabling remote authentication bypass without privileges, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

Deeper analysisAI

CVE-2025-11366 is a critical authentication bypass vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting N-central versions prior to 2025.4. The issue stems from path traversal (CWE-22), enabling attackers to circumvent authentication mechanisms by manipulating file paths in requests.

Remote attackers with network access can exploit this vulnerability without authentication privileges or user interaction. Successful exploitation provides high-impact access, allowing unauthorized disclosure of sensitive data (C:H), modification of systems or data (I:H), and disruption of services (A:H).

The N-able security advisory at https://me.n-able.com/s/security-advisory/aArVy0000000rcDKAQ/cve202511366-ncentral-authentication-bypass-via-path-traversal provides details on mitigation, including upgrading to N-central 2025.4 or later to address the path traversal flaw.

Details

CWE(s)
CWE-22

Affected Products

n-able
n-central
≤ 2025.4

CVEs Like This One

CVE-2025-11367Same product: N-Able N-Central
CVE-2025-8876Same product: N-Able N-Central
CVE-2025-8875Same product: N-Able N-Central
CVE-2025-59384Shared CWE-22
CVE-2025-15031Shared CWE-22
CVE-2026-7213Shared CWE-22
CVE-2026-24479Shared CWE-22
CVE-2025-66744Shared CWE-22
CVE-2026-6057Shared CWE-22
CVE-2026-5436Shared CWE-22

References