Cyber Resilience

CVE-2025-8875

Critical · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 14 August 2025
Modified: 27 October 2025
KEV Added: 13 August 2025
Patch
CVSS Score (v4): 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0376 (88.3rd percentile)
Risk Priority: 41 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-8875 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in N-Able N-Central. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it in the top 11.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-8875 is a deserialization of untrusted data vulnerability, tracked under CWE-502, that permits local code execution. It affects the N-able N-central platform in all versions prior to 2025.3.1. The flaw received a CVSS 4.0 base score of 9.4, reflecting a network attack vector, low attack complexity, low privileges required, no user interaction, and high confidentiality, integrity and availability impact on both the vulnerable system and subsequent systems (the SC/SI/SA metrics in the vector).

An attacker with low-privileged network access can supply a malicious serialized object that the application deserializes without sufficient validation, resulting in arbitrary code execution on the affected N-central instance. Successful exploitation grants the attacker the ability to compromise the confidentiality, integrity, and availability of the system and potentially affect other components within its trust boundary.

The vendor released N-central 2025.3.1 to address the issue, as noted in the August 2025 general availability announcement. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. Its EPSS score rose from a low baseline to a peak of 0.0508 on 2025-12-18 before receding, indicating measurable post-disclosure attacker interest.

EU & UK References

Vulnerability details

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1.

CWE(s): CWE-502 (Deserialization of Untrusted Data)
KEV Date Added: 13 August 2025

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local deserialization leading to arbitrary code execution with low privileges directly enables privilege escalation to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-8876 · same product: N-Able N-Central · both on KEV
CVE-2025-11367 · same product: N-Able N-Central
CVE-2025-11366 · same product: N-Able N-Central
CVE-2025-53690 · shared CWE-502 · both on KEV
CVE-2025-59287 · shared CWE-502 · both on KEV
CVE-2026-37552 · shared CWE-502
CVE-2025-26921 · shared CWE-502
CVE-2026-24159 · shared CWE-502
CVE-2026-20963 · shared CWE-502 · both on KEV
CVE-2025-66214 · shared CWE-502

Affected Assets

Vendor: n-able
Product: n-central
Versions: ≤ 2025.3.1

Mitigating Controls (NIST 800-53 r5, AI)

SI-2 Flaw Remediation (prevent)

Directly mitigates the deserialization vulnerability by requiring timely application of the vendor patch released in N-central 2025.3.1.

SI-10 Information Input Validation (prevent)

Prevents exploitation by validating untrusted data inputs prior to deserialization, addressing the core CWE-502 issue.

prevent

Mitigates arbitrary code execution from deserialization exploits through memory protections like non-executable memory and ASLR.
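A worked illustration of the SI-10 control above, added here as an example and not taken from N-central or the vendor's code. The page does not say which serialization format N-central uses, so this assumes Python's pickle; the allow-list, the job schema and the three sample payloads are constructed for the demonstration. It shows two layers a defender would want for any CWE-502 surface: refuse to resolve any global the payload names unless it is on an allow-list (so no constructor or callable runs before the decision), then validate the shape of whatever was produced against an explicit schema.

```python
"""Allow-list deserialization filter plus post-deserialization schema check.

Illustrative CWE-502 mitigation (added example, not N-central code). Assumes
the serialized format is Python pickle; the schema and sample payloads are
constructed for this demonstration.
"""
import io
import pickle
from collections import OrderedDict

# Only these (module, name) globals may be resolved while unpickling. Plain
# containers and scalars (dict, list, str, int, ...) are built from opcodes and
# never reach find_class, so they need no entry here.
DEFAULT_ALLOWED = frozenset({("builtins", "set"), ("builtins", "frozenset")})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside the allow-list."""

    def __init__(self, stream, allowed=DEFAULT_ALLOWED):
        super().__init__(stream)
        self._allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self._allowed:
            return super().find_class(module, name)
        # Refusing here stops the payload before any constructor or callable runs.
        raise pickle.UnpicklingError(
            f"refused global {module}.{name}: not on deserialization allow-list"
        )


def restricted_loads(data: bytes, allowed=DEFAULT_ALLOWED):
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


# Constructed schema for a "polling job" message: exact key set, exact types,
# bounded values. This is the SI-10 style check applied to the decoded result.
JOB_SCHEMA = {"device_id": str, "poll_interval": int}


def validate_job(obj):
    if type(obj) is not dict:
        raise ValueError(f"job must be a dict, got {type(obj).__name__}")
    expected = set(JOB_SCHEMA)
    if set(obj) != expected:
        raise ValueError(f"unexpected key set: {sorted(set(obj) ^ expected)}")
    for key, typ in JOB_SCHEMA.items():
        if type(obj[key]) is not typ:  # exact type: rejects bool-for-int and subclasses
            raise ValueError(f"field {key!r} must be {typ.__name__}")
    if not 1 <= obj["poll_interval"] <= 3600:
        raise ValueError("poll_interval out of range 1..3600")
    if not obj["device_id"].isascii() or not 1 <= len(obj["device_id"]) <= 64:
        raise ValueError("device_id must be 1..64 ASCII characters")
    return obj


def load_job(data: bytes, allowed=DEFAULT_ALLOWED):
    """Return ("ok", job) or ("refused", reason); callers should log refusals."""
    try:
        return "ok", validate_job(restricted_loads(data, allowed))
    except (pickle.UnpicklingError, ValueError) as exc:
        return "refused", str(exc)


# Constructed sample payloads.
GOOD_JOB = pickle.dumps({"device_id": "agent-01", "poll_interval": 60})
# Names collections.OrderedDict, which is not on the allow-list: refused while
# unpickling, before any object is constructed.
UNLISTED_GLOBAL = pickle.dumps(OrderedDict(device_id="agent-01", poll_interval=60))
# Well-formed pickle whose poll_interval arrives as a string: refused by the schema.
BAD_SHAPE = pickle.dumps({"device_id": "agent-01", "poll_interval": "60"})

if __name__ == "__main__":
    for label, payload in [("good", GOOD_JOB), ("unlisted", UNLISTED_GLOBAL), ("shape", BAD_SHAPE)]:
        print(label, load_job(payload))
```

Even if a global is later added to the allow-list, the schema check still refuses anything that is not exactly the expected shape, so the two layers fail independently; in production the refusal reason is what you would want to log and alert on.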

References