Article Details

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients' Windows, Apple, and Linux endpoints from a single, unified platform. The vulnerabilities in question are listed below - Both shortcomings have been addressed in N-central versions 2025.3.1 and 2024.6 HF2 released on August 13, 2025. N-able is also urging customers to make sure that multi-factor authentication (MFA) is enabled, particularly for admin accounts. "These vulnerabilities require authentication to exploit," N-able said in an alert. "However, there is a potential risk to the security of your N-central environment, if unpatched. You must upgrade your on-premises N-central to 2025.3.1." It's currently not known how the vulnerabilities are being exploited in real-world attacks, in what context, and what is the scale of such efforts. The Hacker News has reached out to N-able for comment, and we will update the story if we hear back. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by August 20, 2025, to secure their networks. The development comes a day after CISA placed two-year-old security flaws affecting Microsoft Internet Explorer and Office in the KEV catalog - FCEB agencies have time till September 9, 2025, to update to the latest versions, or discontinue their use if the product has reached end-of-life (EoL) status, as is the case with Internet Explorer.