N-Able: Security Vulnerabilities
CVE-2025-8875
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
Known exploited
CVSS Score
7.8
EPSS Score
0.106
Published
2025-08-14
CVE-2025-8876
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
Known exploited
CVSS Score
8.8
EPSS Score
0.205
Published
2025-08-14
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.
This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-07-01
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-02
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-08
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-08
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
CVSS Score
7.0
EPSS Score
0.01
Published
2023-09-11
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-08-04