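Aggregated CVE and security vulnerability intelligence for all N-able products, including CVSS, EPSS, publication date, and vulnerability intelligence data.
Common weakness patterns include path-handling flaws, XXE, and input validation issues, which in software deployment and production workload scenarios can lead to risks such as file overwrite and abnormal behavior.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patch priority.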
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-11700 | N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 8.4 | 52.95% | 2025-11-12 | 2025-12-15 |
| CVE-2025-11367 | The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 10.0 | 2.34% | 2025-11-12 | 2025-11-14 |
| CVE-2025-11366 | N-central < 2025.4 is vulnerable to authentication bypass via path traversal | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.4 | 0.15% | 2025-11-12 | 2025-11-14 |
| CVE-2025-10231 | An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 7.0 | 0.01% | 2025-09-10 | 2025-09-22 |
| CVE-2025-7051 | On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 8.3 | 0.05% | 2025-08-21 | 2025-09-08 |
| CVE-2025-8876 KEV | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.4 | 11.74% | 2025-08-14 | 2025-10-27 |
| CVE-2025-8875 KEV | Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.4 | 3.76% | 2025-08-14 | 2025-10-27 |
| CVE-2024-8510 | N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 5.3 | 0.45% | 2025-03-17 | 2025-09-05 |
| CVE-2024-5322 | The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.1 | 0.11% | 2024-07-01 | 2025-09-08 |
| CVE-2024-28200 | The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild. | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b | 9.1 | 49.95% | 2024-07-01 | 2024-11-21 |
| CVE-2023-37244 | The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0 | [email protected] | 5.3 | 0.13% | 2024-05-02 | 2025-07-22 |
| CVE-2023-47132 | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | [email protected] | 9.8 | 0.30% | 2024-02-08 | 2025-06-11 |
| CVE-2023-47131 | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | [email protected] | 7.5 | 0.22% | 2024-02-08 | 2024-11-21 |
| CVE-2023-27470 | BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | [email protected] | 7.0 | 0.67% | 2023-09-11 | 2024-11-21 |
| CVE-2023-30297 | An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | [email protected] | 7.0 | 0.06% | 2023-08-04 | 2024-11-21 |