N-able N-central
11 CVEs affecting N-able N-central. Latest disclosed: 2025-11-12. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-28200 | Critical | 9.1 | 2024-07-01 | The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 20… |
CVE-2024-5322 | Critical | 9.1 | 2024-07-01 | The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vu… |
CVE-2025-7051 | High | 8.3 | 2025-08-21 | On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerabil… |
CVE-2025-10231 | High | 7.0 | 2025-09-10 | An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to… |
CVE-2024-8510 | Medium | 5.3 | 2025-03-17 | N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerab… |
CVE-2025-11367 | | 2025-11-12 | The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization | |
CVE-2025-11366 | | 2025-11-12 | N-central < 2025.4 is vulnerable to authentication bypass via path traversal | |
CVE-2025-11700 | | 2025-11-12 | N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure | |
CVE-2025-9316 | | 2025-11-12 | N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4. | |
CVE-2025-8875 | | 2025-08-14 | Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1. | |
CVE-2025-8876 | | 2025-08-14 | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1. |