CVE-2025-8876

Aug. 15, 2025, 3:15 p.m.

9.4
Critical

Description

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Product(s) Impacted

Vendor Product Versions
N-able
  • N-central
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a n-able n-central / / / / / / / /

References

https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/

Tags

CWE-20
CWE-78
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
2025-08-14
CVE-2025-8876

CVSS Score

9.4 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Aug. 14, 2025, 3:15 p.m.
Last Modified: Aug. 15, 2025, 3:15 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

Linked Attack Reports

August Vulnerabilities of Note

In August 2025, eighteen high-impact vulnerabilities were identified for prioritized remediation, down from 22 in July. The month saw a focus on Citrix and D-Link flaws, with active exploitation of Citrix NetScaler products and D-Link routers. OS Command Injection was the most common weakness. One …
vulnerability
command injection
exploitation
remote code execution
snipbot
rustyclaw
patch management
deserialization
CVE-2025-8088
CVE-2025-25256
CVE-2025-8875
CVE-2025-8876
CVE-2025-20265
CVE-2025-7775
2025-09-15
mythic c2 agent
Published: September 15, 2025
Linked vulnerabilities : CVE-2024-8068, CVE-2024-8069 (CVSS 8.8), CVE-2025-54948 (CVSS 9.4), CVE-2025-8088, CVE-2024-26009 (CVSS 8.1), CVE-2025-25256 (CVSS 9.8), CVE-2025-8875 (CVSS 9.4), CVE-2025-8876 (CVSS 9.4), CVE-2025-20265 (CVSS 10.0), CVE-2025-43300 (CVSS 8.8), CVE-2025-7775 (CVSS 9.2), CVE-2025-7776 (CVSS 8.8), CVE-2025-8424 (CVSS 8.7), CVE-2025-57819, CVE-2007-0671, CVE-2013-3893, CVE-2020-25079, CVE-2020-25078, CVE-2025-48384, CVE-2022-40799
Downloadable IOCs: 11

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.