CVE-2025-8875
Published: 14 August 2025
Summary
CVE-2025-8875 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in N-able N-central. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 13.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the deserialization vulnerability by requiring timely application of the vendor patch released in N-central 2025.3.1.
Prevents exploitation by validating untrusted data inputs prior to deserialization, addressing the core CWE-502 issue.
Mitigates arbitrary code execution from deserialization exploits through memory protections like non-executable memory and ASLR.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local deserialization leading to arbitrary code execution with low privileges directly enables privilege escalation to full system compromise.
NVD Description
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1.
Deeper analysis
CVE-2025-8875 is a Deserialization of Untrusted Data vulnerability (CWE-502) in N-able N-central that enables local execution of arbitrary code. The issue affects N-central versions prior to 2025.3.1. It has a CVSS v3.1 base score of 7.8, rated as high severity, with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impacts to confidentiality, integrity, and availability.
A local attacker with low privileges on an affected N-central system can exploit this vulnerability by providing specially crafted untrusted data for deserialization, leading to arbitrary code execution. Successful exploitation grants the attacker high-level control over the system, potentially allowing full compromise including data theft, modification, or disruption of services managed by N-central.
N-able has addressed the vulnerability in the general availability release of N-central 2025.3.1, as announced on their status page. Security practitioners should apply this update immediately to mitigate the issue.
The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, indicating active real-world exploitation.
Details
- CWE(s)
- KEV Date Added: 13 August 2025