CVE-2025-8876

Command Injection Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: August 11, 2025
Published Date: August 14, 2025
Last Updated: October 21, 2025
Vendor: N-able
Product: N-central
Description: Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
Tags

CVSS Scores

CVSS v4.0

9.4 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:38:55 UTC) Source

References

https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:38:55 UTC

Timeline

CVE ID Reserved

August 11, 2025
CVE Published to Public

August 14, 2025
Added to KEVIntel

June 01, 2026