What is it?
N-central (from N-able) is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console.
There are two simultaneous threats:
– The first allows authenticated users to execute arbitrary commands
– The second allows them to inject commands using the first weakness
The Bleeping Computer article linked below provides more details.
Why is it a risk?
There are current reports of this attack being used “in the wild.”
This is considered a CRITICAL vulnerability.
How can you mitigate the risk?
You must upgrade your N-central installation to version 2025.3.1 or later.
The N-able link below provides a download and Release Notes.
Resources:
N-able – Release Notes for 2025.3.1
https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/
Bleeping Computer – CISA warns of N-able N-central flaws exploited in zero-day attacks