CVE-2025-8875

HIGH KEV

N-able N-central < 2025.3.1 - Local Code Execution via Untrusted Data Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-8875 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 13, 2025. EIP tracks 1 public exploit from researchers including rxerium.

AI-analyzed exploit summary The repository contains Nuclei templates for detecting vulnerable versions of N-able N-central affected by CVE-2025-8875 and CVE-2025-8876. It checks for version numbers and specific HTML elements to identify vulnerable instances but does not include exploit code.

Description

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Exploits (1)

nomisec SCANNER 21 stars
by rxerium · poc
https://github.com/rxerium/CVE-2025-8875-CVE-2025-8876

The repository contains Nuclei templates for detecting vulnerable versions of N-able N-central affected by CVE-2025-8875 and CVE-2025-8876. It checks for version numbers and specific HTML elements to identify vulnerable instances but does not include exploit code.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: N-able N-central before 2025.3.1.9
No auth needed
Prerequisites: Network access to the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0376
EPSS Percentile 88.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-08-13
VulnCheck KEV 2025-08-13
ENISA EUVD EUVD-2025-24823
CWE
CWE-502
Status published
Products (1)
n-able/n-central < 2025.3.1
Published Aug 14, 2025
KEV Added Aug 13, 2025
Tracked Since Feb 18, 2026