Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N-able

Source -

CNACISA

BOS Name -

N/A

CNA CVEs -

7

ADP CVEs -

0

CISA CVEs -

2

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
7Vulnerabilities found
CVE-2025-7051
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-8.3||HIGH
EPSS-0.04% / 10.03%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 17:34
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.

Action-Not Available
Vendor-N-able
Product-N-central
CWE ID-CWE-284
Improper Access Control
CVE-2025-8875
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-9.4||CRITICAL
EPSS-11.73% / 93.43%
||
7 Day CHG+1.08%
Published-14 Aug, 2025 | 14:56
Updated-15 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-08-20||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Insecure Deserialization Vulnerability

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Action-Not Available
Vendor-n-ableN-ableN-able
Product-n-centralN-centralN-Central
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-8876
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-9.4||CRITICAL
EPSS-23.46% / 95.75%
||
7 Day CHG+2.94%
Published-14 Aug, 2025 | 14:53
Updated-15 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-08-20||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Command Injection Vulnerability

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Action-Not Available
Vendor-n-ableN-ableN-able
Product-n-centralN-centralN-Central
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8510
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.98%
||
7 Day CHG+0.01%
Published-17 Mar, 2025 | 19:01
Updated-18 Mar, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N-central Path Traversal

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.

Action-Not Available
Vendor-N-able
Product-N-central
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2024-5445
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-3.8||LOW
EPSS-0.07% / 22.24%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 22:04
Updated-07 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ecosystem Agent Insufficient Transport Layer Security

Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.

Action-Not Available
Vendor-N-able
Product-Ecosystem Agent
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-28200
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 20:49
Updated-22 Aug, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N-central Authentication Bypass

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Action-Not Available
Vendor-n-ableN-ablen-able
Product-n-centralN-centraln-central
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2024-5322
Assigner-N-able
ShareView Details
Assigner-N-able
CVSS Score-9.1||CRITICAL
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 20:46
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N-central Authentication Bypass via Session Rebinding

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

Action-Not Available
Vendor-N-ablen-able
Product-N-centraln-central
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel