Cybersecurity Threat Advisory: Severe N-able vulnerabilities

Two critical vulnerabilities were disclosed by N-able in the N-central RMM platform, with one having a maximum severity rating. To help safeguard you and your customers’ environments, please review the best practices outlined in this Cybersecurity Threat Advisory.

What is the threat?

N-able has disclosed two critical vulnerabilities affecting N-central and the N-central Windows Software Probe.

  1. CVE-2025-11366 has a CVSS score of 9.4 and could allow a remote, unauthenticated attacker to bypass authentication on an N-central server.
  2. CVE-2025-11367 has a CVSS score of 10.0 and could allow a remote, unauthenticated attacker to execute arbitrary code on the probe host, which is a core part of the RMM platform responsible for device discovery and orchestration of management tasks.

Why is it noteworthy?

Successful exploitation of the N-central Authentication Bypass vulnerability, CVE-2025-11366, may provide direct access to administrative features and sensitive information, enabling unauthorized access, lateral movement, and potential takeover of managed devices.

Successful exploitation of the N-central Windows Software Probe vulnerability, CVE-2025-11367, could potentially result in full system compromise, malicious code execution, and possible pivoting deeper into customer environments.

What is the exposure or risk?

N-central Authentication Bypass is a high-risk, unauthenticated path traversal flaw. An attacker could gain direct access to manipulate administrative features, configurations, security settings, and device management. This could lead to serious confidentiality, integrity, and availability impacts across connected endpoints. Key risk drivers include the unauthenticated nature of the exploit, the high severity CVSS score, and the central role of N-central in discovering and managing devices. This can enable cascading compromises to multiple endpoints.

N-central Software Probe Remote Code Execution presents a critical exposure and risk profile. An attacker could potentially install backdoors, exfiltrate data, disrupt device discovery and management workflows, and use the compromised probe as a foothold to move laterally into customer environments. The risk is amplified by the fact that the vulnerability is exploitable without authentication and targets a widely deployed, trust-critical component. The CVSS score is at the maximum level of 10.0, underscoring the potential for widespread, rapid impact across affected environments.

What are the recommendations?

Barracuda recommends the following actions to mitigate the effects of these vulnerabilities:

  • Apply N-able patches immediately for both N-central and the N-central Windows Software Probe.
  • Restrict access to exposed management interfaces using firewall policies.
  • Review probe locations and rotate credentials or API keys if compromise is suspected.
  • Monitor for unusual authentication attempts or unexpected remote execution activity.
  • Investigate managed devices for unexpected modifications.
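As an added illustration of the "monitor for unusual authentication attempts" recommendation above, the script below is not Barracuda's or N-able's code. It assumes the management interface sits behind a web server that writes Apache/NGINX "combined"-style access logs; the sample lines, client addresses and request paths in it are constructed placeholders, not real N-central endpoints. Because the authentication bypass is described as a path traversal flaw, the script flags requests whose path still contains a `..` segment after bounded percent-decoding, so single- and double-encoded variants are caught the same way, and summarizes hits per source address for triage.

```python
"""Flag path-traversal style requests in web access logs (added example).

Assumptions: combined log format; request paths below are placeholders.
"""
import re
from urllib.parse import unquote

# Constructed sample log lines; addresses, timestamps and paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /static/../../admin/settings HTTP/1.1" 200 1024 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2025:12:00:03 +0000] "GET /static/%2e%2e/%2e%2e/admin HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2025:12:00:04 +0000] "GET /static/%252e%252e/admin HTTP/1.1" 404 0 "-" "python-requests/2.31"
192.0.2.9 - - [10/Oct/2025:12:00:05 +0000] "GET /dashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." that stands alone as a path segment (not "..hidden" or "b..").
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded '..' becomes visible,
    and fold backslashes into forward slashes."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace('\\', '/')


def is_traversal(path: str) -> bool:
    """True if the normalized path contains a standalone '..' segment."""
    return TRAVERSAL_RE.search(normalize_path(path)) is not None


def find_traversal_requests(log_text: str) -> list:
    """Return one record per request whose path looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these separately
        if is_traversal(m['path']):
            hits.append({'ip': m['ip'], 'ts': m['ts'],
                         'path': m['path'], 'status': int(m['status'])})
    return hits


def suspicious_sources(log_text: str) -> dict:
    """Count flagged requests per client address for triage ordering."""
    counts = {}
    for hit in find_traversal_requests(log_text):
        counts[hit['ip']] = counts.get(hit['ip'], 0) + 1
    return counts


if __name__ == '__main__':
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['status']} {hit['path']}")
    print("per-source counts:", suspicious_sources(SAMPLE_LOG))
```

Successful (2xx/3xx) responses to flagged paths deserve priority over 404s, since they indicate the server actually served something for the traversed path; feed the per-source counts into the credential-rotation and device-investigation steps above if the source is not a known administrator address.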

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.