CVE-2025-11700
HIGH EXPLOITED NUCLEIN-able N-Central Authentication Bypass and XXE Scanner
Title source: metasploitDescription
N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
Exploits (2)
github
WORKING POC
2 stars
by horizon3ai · pythonremote
https://github.com/horizon3ai/n-able_n-central_xxe_file_read
metasploit
WORKING POC
by Zach Hanley (Horizon3.ai) · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nable_ncentral_auth_bypass_xxe.rb
Nuclei Templates (1)
N-central - XML External Entities Injection
HIGHVERIFIEDby DhiyaneshDK,horizon3ai
Shodan:
http.title:"N-central Login"
Scores
CVSS v3
7.5
EPSS
0.4743
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2025-12-15
CWE
CWE-611
Status
published
Products (1)
n-able/n-central
< 2025.4
Published
Nov 12, 2025
Tracked Since
Feb 18, 2026