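This page aggregates CVEs and security vulnerability information across N-able products, listing CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include path-handling flaws, XXE, and input validation issues; in software deployment and production workload scenarios, these can lead to risks such as file overwrite and unexpected behavior.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |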
|---|---|---|---|---|---|---|
| CVE-2025-11700 | N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 8.4 | 51.78% | 2025-11-12 | 2025-12-15 |
| CVE-2025-11367 | The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 10.0 | 2.09% | 2025-11-12 | 2025-11-14 |
| CVE-2025-11366 | N-central < 2025.4 is vulnerable to authentication bypass via path traversal | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.4 | 0.15% | 2025-11-12 | 2025-11-14 |
| CVE-2025-10231 | An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 7.0 | 0.01% | 2025-09-10 | 2025-09-22 |
| CVE-2025-7051 | On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 8.3 | 0.05% | 2025-08-21 | 2025-09-08 |
| CVE-2025-8876 KEV | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.4 | 9.21% | 2025-08-14 | 2025-10-27 |
| CVE-2025-8875 KEV | Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.4 | 3.02% | 2025-08-14 | 2025-10-27 |
| CVE-2024-8510 | N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 5.3 | 0.45% | 2025-03-17 | 2025-09-05 |
| CVE-2024-5322 | The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.1 | 0.11% | 2024-07-01 | 2025-09-08 |
| CVE-2024-28200 | The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.1 | 49.05% | 2024-07-01 | 2024-11-21 |
| CVE-2023-37244 | The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0 | [email protected] | 5.3 | 0.13% | 2024-05-02 | 2025-07-22 |
| CVE-2023-47132 | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | [email protected] | 9.8 | 0.30% | 2024-02-08 | 2025-06-11 |
| CVE-2023-47131 | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | [email protected] | 7.5 | 0.22% | 2024-02-08 | 2024-11-21 |
| CVE-2023-27470 | BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | [email protected] | 7.0 | 0.67% | 2023-09-11 | 2024-11-21 |
| CVE-2023-30297 | An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | [email protected] | 7.0 | 0.06% | 2023-08-04 | 2024-11-21 |