CVE-2025-9316

MEDIUM EXPLOITED NUCLEI

N-central <2025.4 - Info Disclosure

Title source: llm

Description

N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

Exploits (2)

nomisec WORKING POC 2 stars
by horizon3ai · remote
https://github.com/horizon3ai/n-able_n-central_xxe_file_read
nomisec WORKING POC
by zyyyys123 · poc
https://github.com/zyyyys123/CVE-2025-9316_CVE-2025-11700

Nuclei Templates (1)

N-central - Authentication Bypass
MEDIUMVERIFIEDby DhiyaneshDK,horizon3ai
Shodan: http.title:"N-central Login"

References (1)

Scores

CVSS v4 6.9
EPSS 0.8092
EPSS Percentile 99.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Details

VulnCheck KEV 2025-12-15
CWE
CWE-1284
Status published
Products (1)
N-able/N-central < 2025.4
Published Nov 12, 2025
Tracked Since Feb 18, 2026