The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NN Able N Central
APPN-Able< 2024.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
Related vulnerabilities
CVE-2025-8875CRITICAL9.4⚠ KEVPL ✓ten sam produkt
Deserializacja niezaufanych danych w N-Able N-Central umożliwia RCE
CVE-2025-8876CRITICAL9.4⚠ KEVPL ✓ten sam produkt
OS Command Injection w N-able N-central (przed wersją 2025.3.1)
CVE-2025-11367CRITICAL10.0PL ✓ten sam produkt
RCE przez deserialization w N-Able N-Central Software Probe
CVE-2025-11366CRITICAL9.4PL ✓ten sam produkt
Authentication bypass via path traversal w N-Able N-Central
CVE-2024-5322CRITICAL9.1PL ✓ten sam produkt
Authentication Bypass w N-Able N-Central poprzez session rebinding (Entra SSO)