Vulnerability in N-able N-central

CVE-2025-9316

N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

EPSS: 0.714 (98.7th percentile) — read the EPSS interpretation.

Affected products

N-able N-central — versions 0

Weakness classification (CWE)

CWE-1284 — Improper Validation of Specified Quantity in Input

Public proof-of-concept exploits

References

me.n-able.com/s/security-advisory/aArVy0000000rdpKAA/cve20259316-ncentral-unaut…

Frequently asked questions

What is CVE-2025-9316?: CVE-2025-9316 is a vulnerability in N-able N-central, classified under Improper Validation of Specified Quantity in Input. Published 2025-11-12.
Is CVE-2025-9316 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.