What is CVE-2025-11700?

CVE-2025-11700 is a vulnerability in N-able N-central, classified under Improper Restriction of XML External Entity Reference (XXE). Published 2025-11-12.

Is CVE-2025-11700 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XXE in N-able N-central

CVE-2025-11700

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

Vulnerability class: XXE (XML External Entity)

EPSS: 0.529 (98.0th percentile) — read the EPSS interpretation.

Affected products

N-able N-central — versions 0

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

me.n-able.com/s/security-advisory/aArVy0000000rabKAA

Frequently asked questions

What is CVE-2025-11700?: CVE-2025-11700 is a vulnerability in N-able N-central, classified under Improper Restriction of XML External Entity Reference (XXE). Published 2025-11-12.
Is CVE-2025-11700 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.