KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

6.9

CVSS
Medium

CVE-2025-9316

PUBLISHED

N-central unauthenticated sessionID generation

Exploited in the wild Remote Low complexity No user interaction

Vendor: N-able
Product: N-central
Published: Nov 12, 2025
EPSS: 71.4% · 99% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

nuclei_scanner

Weaknesses (CWE)

CWE-1284

Improper Validation of Specified Quantity in Input

CVSS scores

CVSS v4.0 6.9 Medium

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Exploitation status

Exploited in the wild

Recorded 2026-06-03 00:00:00 UTC · Source

References

https://me.n-able.com/s/security-advisory/aArVy0000000rdpKAA/cve20259316-ncentral-unauthenticated-sessionid-generation

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL) First	2026-06-03 00:00 UTC

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-9316.yaml	Jun 01, 2026

Timeline

CVE ID Reserved

2025-08-21 11:21 UTC
CVE Published to Public

2025-11-12 15:27 UTC
Detected by Nuclei

2026-06-01 15:34 UTC
Added to KEVIntel

2026-06-03 00:00 UTC