CISA identified two vulnerabilities in N-able N-central, a platform for Managed Service Providers, which are actively being exploited. The vulnerabilities include an insecure deserialization issue and a command injection flaw. Both have been fixed in recent updates. N-able emphasizes the need for customers to upgrade to the latest versions and enable multi-factor authentication, particularly for admin accounts. Federal agencies should apply fixes by August 20, 2025, to protect their networks from these threats.
CISA added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
The vulnerabilities require authentication to exploit, but present a potential risk to the security of the N-central environment if unpatched.
Collection
[
|
...
]