Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities

18/08/2025

More than 870 internet-exposed N-able N-central instances are running versions affected by two exploited vulnerabilities, data from The Shadowserver Foundation shows.

The security defects, tracked as CVE-2025-8875 and CVE-2025-8876, are described as an insecure deserialization issue and a command injection bug, respectively.

The flaws were disclosed on August 13, when N-able announced that patches for them were included in version 2025.3 of its remote monitoring and management (RMM) product.

On the same day, the US cybersecurity agency CISA added both vulnerabilities to its KEV catalog, urging federal agencies to patch them by August 20.

N-able did not share technical details on the bugs, but confirmed to SecurityWeek that the issues had been exploited against a limited number of customers to elevate privileges and abuse vulnerable self-hosted N-central instances.

“We have not seen any evidence of exploitations within N-able hosted cloud environments. We’ll update customers with any additional information that becomes available as our investigation continues into this matter,” N-able said.

The vendor has not confirmed it, but the timing of the disclosure and CISA adding them to its KEV list suggests that the vulnerabilities may have been exploited as zero-days.

Shortly after the bugs were disclosed, The Shadowserver Foundation started tracking internet-exposed N-central instances affected by CVE-2025-8875 and CVE-2025-8876.

“We added version-based N-able N-central RMM CVE-2025-8875 & CVE-2025-8876 detection to our daily scans. 1077 IPs unpatched IPs seen on 2025-08-15,” Shadowserver said on Sunday.

The Shadowserver Foundation’s tracker shows that, as of August 17, more than 870 N-central instances were unpatched against the two vulnerabilities. Most of these deployments are in the US (367), with Canada (92), the Netherlands (84), Australia (74), and the UK (72) rounding up the top five.

A spin-off of SolarWinds, N-able was created in 2021. N-central is a management, automation, and orchestration tool used by MSPs and IT teams, and its successful compromise could allow hackers to access MSP customers’ environments.

Related: Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada

Related: SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability

Related: SAP Patches Critical S/4HANA Vulnerability

Related: Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises

Source: securityweek.com

New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data

A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how this method can extract cryptographic keys from supposedly secure SGX enclaves using a low-cost setup, challenging the … [Read More...]

Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code

Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform. The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating … [Read More...]

Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users

Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms. This change represents a proactive measure to strengthen email security infrastructure and protect users from potential cybersecurity threats. The rollout timeline has been strategically … [Read More...]

5 tips for setting up guest Wi-Fi that isn't a danger to your home

Having guests over is great until they ask for the Wi-Fi password. I'm then faced with the awkward dance of finding that crumpled sticky note, dictating a convoluted string of alphanumeric characters, and hoping they type it in correctly. But the real problem is how guests feel like I'm inviting a security nightmare home. Digitally, handing out my main Wi-Fi password is like giving a stranger a … [Read More...]

Acer Chromebook Plus Spin 514 review: a versatile, convertible powerhouse

A good Chromebook can sometimes be hard to find. Many ChromeOS devices are too underpowered to really do much beyond browse the web and manage your email, or they suffer from poor build quality, dim displays, or uncomfortable keyboards. But that's not the case with the new Acer Chromebook Plus Spin 514. Source: xda-developers.com … [Read More...]

Wolverine: 4 Marvel characters we'd love to see meet up with Logan

During the State of Play presentation for September 2025, Insomniac Game finally gave everyone an official first look at their upcoming Wolverine game. What was very clear from the start was that this would be different from what fans have come to expect from the studio, given their Spider-Man titles were wildly successful. For many people who love Marvel Comics, Wolverine is a character that … [Read More...]

Using my NAS as an Apple Time Machine backup store was the best QoL upgrade for my MacBook

Creating regular backups of your essential files goes a long way in ensuring your devices remain in tip-top form, regardless of whether you’re a casual user or a hardcore tinkering veteran with multiple projects under your belt. While there are certain self-hosted services that can accomplish this task on Windows and Linux, the macOS ecosystem is blessed with a dedicated snapshot utility called … [Read More...]

3 Windows File Explorer add-ons that fix Microsoft's biggest pain points

File Explorer is one of the oldest parts of Windows, and you can tell. Microsoft has added tabs and refreshed the icons, but the core experience still needs work. For example, the layout looks rigid, and everyday actions like batch renaming need third-party help to be more complete. File Explorer also feels flat to look at, with almost no way to change its appearance. Small pain points like these … [Read More...]

The single Docker container that made me a home lab power user

For years, I treated my home lab like a necessary chore – a collection of services running on command line interfaces that required constant SSH logins just to check logs or reboot a container. I knew the power of Docker, but managing multiple environments across different hardware was often a confusing, time-consuming mess. Source: xda-developers.com … [Read More...]

Kingmakers, the medieval battle game with modern weapons, has been delayed

Redemption Road's absolutely bonkers-looking medieval shooter, Kingmakers, was slated to launch in Early Access on October 8, but now its release has been pushed back with no new date in sight. The developers posted an update on Steam to say that the scheduled launch, just days away, "will no longer be possible," going on to explain that they need "a bit more time on content polish before we feel … [Read More...]