Overview

CVE: CVE-2025-11366, CVE-2025-11367
Severity: Critical
Date: 13 November 2025

N-able has disclosed two critical vulnerabilities affecting N-central and the N-central Windows Software Probe: a path-traversal flaw that bypasses authentication on the server, and an unauthenticated remote code execution flaw in the probe. Because N-central is an RMM platform, a compromised server or probe host is a foothold into every customer environment it manages, so the risk to managed service providers and their customers is significant. Independent reporting has highlighted the operational impact of these vulnerabilities across the RMM ecosystem.

Affected Products

  • N-central Server – vulnerable to authentication bypass (CVE-2025-11366)
  • N-central Windows Software Probe – vulnerable to unauthenticated remote code execution (CVE-2025-11367)

Consult N-able's advisory for the exact affected and fixed builds of each product; treat any N-central server or probe that has not been updated since the release of the fix as affected.

Vulnerability Breakdown

CVE-2025-11366 – N-central Authentication Bypass

  • Severity: Critical
  • CVSS: 9.4
  • Description: A path traversal flaw allows an unauthorised, remote attacker to bypass authentication on an N-central server. Successful exploitation may provide direct access to administrative features and sensitive information.
  • Impact:
    • Unauthorised access
    • Lateral movement
    • Potential takeover of managed devices

CVE-2025-11367 – N-central Software Probe Remote Code Execution

  • Severity: Critical
  • CVSS: 10.0
  • Description: A vulnerability in the N-central Windows Software Probe allows a remote, unauthenticated attacker to execute arbitrary code on the probe host.
  • Impact:
    • Full system compromise
    • Malicious code execution
    • Possible pivoting deeper into customer environments

Mitigation

  • Apply N-able patches immediately for both the N-central server and every Windows Software Probe; probes are updated separately from the server, so confirm each probe host individually.
  • Restrict network access to the N-central web interface and to probe hosts to known management networks; neither should be reachable directly from the internet.
  • Inventory every host running a probe, and rotate the credentials and API keys the server and probes hold if compromise is suspected.
  • Monitor N-central and probe-host logs for unusual authentication attempts, logins from unexpected sources, and unexpected remote execution activity.
  • Investigate managed devices for unexpected modifications, new scheduled tasks, or unfamiliar remote-management tooling.
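The first two steps above depend on knowing where probes are installed and which version each one runs. The script below is an added example written for this page, not N-able's own tooling: it queries the standard Windows Uninstall registry keys and the service list on one or more hosts for entries matching the probe. The match pattern (`N-central|Windows Software Probe`), the assumption that the probe registers under those Uninstall keys, and the service display name are assumptions; check them against a known probe host and adjust the pattern before running fleet-wide.

```powershell
# Added example (not N-able code): find N-central Windows Software Probe
# installations so their versions can be checked against the fixed build.
# ASSUMPTIONS: the probe appears under the standard Uninstall registry keys
# and as a Windows service whose DisplayName matches $NamePattern.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$NamePattern = 'N-central|Windows Software Probe',   # assumed pattern
    [string]$CsvPath = ''                                         # optional report
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Runs on each target; returns installed software and services that match.
$probeQuery = {
    param($keys, $pattern)
    $software = foreach ($k in $keys) {
        Get-ItemProperty -Path $k -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $pattern } |
            Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation
    }
    $services = Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $pattern } |
        Select-Object Name, DisplayName, Status, StartType
    [pscustomobject]@{
        Host     = $env:COMPUTERNAME
        Software = @($software)
        Services = @($services)
        Error    = $null
    }
}

$results = foreach ($target in $ComputerName) {
    try {
        if ($target -eq $env:COMPUTERNAME) {
            & $probeQuery $uninstallKeys $NamePattern
        } else {
            # Requires WinRM/PowerShell remoting to the target.
            Invoke-Command -ComputerName $target -ScriptBlock $probeQuery `
                -ArgumentList $uninstallKeys, $NamePattern -ErrorAction Stop
        }
    } catch {
        [pscustomobject]@{ Host = $target; Software = @(); Services = @(); Error = $_.Exception.Message }
    }
}

# Flatten to one row per finding for review or CSV export.
$rows = foreach ($r in $results) {
    if ($r.Error) {
        [pscustomobject]@{ Host = $r.Host; Kind = 'error'; Name = $r.Error; Version = ''; Detail = '' }
        continue
    }
    if ($r.Software.Count -eq 0 -and $r.Services.Count -eq 0) {
        [pscustomobject]@{ Host = $r.Host; Kind = 'none'; Name = 'no probe found'; Version = ''; Detail = '' }
        continue
    }
    foreach ($s in $r.Software) {
        [pscustomobject]@{ Host = $r.Host; Kind = 'software'; Name = $s.DisplayName
                           Version = $s.DisplayVersion; Detail = "installed $($s.InstallDate) at $($s.InstallLocation)" }
    }
    foreach ($s in $r.Services) {
        [pscustomobject]@{ Host = $r.Host; Kind = 'service'; Name = $s.Name
                           Version = ''; Detail = "$($s.Status), start=$($s.StartType)" }
    }
}

$rows | Format-Table -AutoSize
if ($CsvPath) { $rows | Export-Csv -Path $CsvPath -NoTypeInformation }
```

Run it against a list of hosts (for example `.\Find-Probe.ps1 -ComputerName (Get-Content hosts.txt) -CsvPath probes.csv`) and compare the `Version` column against the fixed build stated in N-able's advisory. A host that reports the service but no matching Uninstall entry (or the reverse) is worth a manual look, since it may be an unusual or tampered installation.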

Summary for IT Teams

  • Products: N-central Server, Windows Software Probe
  • Threat Level: Critical
  • Action Required:
    • Patch immediately
    • Restrict external access to N-central interfaces
    • Validate the integrity of managed endpoints
    • Monitor logs for unusual authentication or remote execution behaviour

Reference

Need Help?

If your organisation requires assistance identifying affected systems, applying updates or adjusting N-central configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.