The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
The error classified as CWE-502 (Deserialization of Untrusted Data) involves the Software Probe component processing externally supplied serialized data without proper validation of its origin and content. An attacker requiring no authentication can deliver a crafted payload over the network, which is executed in the service process context during deserialization. The attack vector is network-based, requires no user interaction, and no elevated privileges, meaning full remote exploitation is possible.
An attacker can obtain remote code execution on the system running N-central Software Probe, and the high impact on confidentiality, integrity, and availability of both the local system and connected systems indicates the possibility of complete control takeover and potential lateral movement in the managed infrastructure.
N-central Software Probe should be updated to version 2025.4 or later as soon as possible. Detailed instructions are available in the official security bulletin from the vendor at the address indicated in the references. Until the update is applied, consider restricting network access to ports used by Software Probe to trusted sources only.
N-Able N-Central Software Probe in versions earlier than 2025.4 (component running on Windows systems).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XN Able N Central
APPN-Able< 2025.4
Related vulnerabilities
Deserializacja niezaufanych danych w N-Able N-Central umożliwia RCE
OS Command Injection w N-able N-central (przed wersją 2025.3.1)
Authentication bypass via path traversal w N-Able N-Central
Authentication Bypass interfejsu użytkownika w N-Able N-Central
Authentication Bypass w N-Able N-Central poprzez session rebinding (Entra SSO)