CVE-2025-8876
Published: 14 August 2025
Summary
CVE-2025-8876 is a critical-severity Improper Input Validation (CWE-20) vulnerability in N-Able N-Central. Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-8876 is an improper input validation flaw, tracked under CWE-20 and CWE-78, that permits OS command injection in N-able N-central. The vulnerability affects all versions of the product prior to 2025.3.1 and carries a CVSS 4.0 score of 9.4 reflecting network-accessible, low-complexity exploitation with high impact on confidentiality, integrity, and availability plus scope change.
An authenticated attacker with low privileges can supply crafted input that is executed as operating-system commands on the N-central server, enabling full compromise of the management platform and any managed endpoints under its control.
The vendor released N-central 2025.3.1 on 13 August 2025 to correct the issue, and the accompanying advisory directs customers to upgrade immediately. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.
EPSS scores rose from a low baseline to a peak of 0.1388, indicating measurable post-disclosure attacker interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24822
Vulnerability details
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1.
- CWE(s): CWE-20 (Improper Input Validation), CWE-78 (OS Command Injection)
- KEV Date Added: 13 August 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote OS command injection via improper input validation on a public-facing N-central server directly enables T1190 (initial access via an exploited application) and T1059 (arbitrary command execution).
Mitigating Controls (NIST 800-53 r5)
- Timely patching: directly addresses remediation of the known OS command injection flaw in N-central versions prior to 2025.3.1 by upgrading to the fixed release.
- SI-10 (Information Input Validation): enforces proper information input validation to block malicious inputs that enable OS command injection exploitation.
- RA-5 (Vulnerability Monitoring and Scanning): scans for and remediates the high-severity vulnerability (CVSS 8.8, CISA KEV) through regular vulnerability monitoring and patching.