Deserialization of Untrusted Data in N-able N-central <2025.3.1 Leads to LCE
CVE-2025-8875 Published on August 14, 2025
Insecure Deserialization Vulnerability
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
Known Exploited Vulnerability
This N-able N-Central Insecure Deserialization Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.
The following remediation steps are recommended / required by August 20, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-8875 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2025-8875
Want to know whenever a new CVE is published for N Able N Central? stack.watch will email you.
Affected Versions
N-able N-central:- Before 2025.3.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.