Post

CISA Adds Critical Vulnerabilities to KEV Catalog: What Organizations Need to Know

Discover the latest updates to CISA's Known Exploited Vulnerabilities (KEV) Catalog, including CVE-2025-8875 and CVE-2025-8876. Learn why these vulnerabilities pose significant risks and how organizations can mitigate them.

Posted
By Tom Grant
3 min read
CISA Adds Critical Vulnerabilities to KEV Catalog: What Organizations Need to Know

TL;DR

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities, CVE-2025-8875 and CVE-2025-8876, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect N-able N-central and are actively exploited by threat actors. Organizations, particularly federal agencies, are urged to prioritize remediation to mitigate risks.

Introduction

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding two newly identified vulnerabilities: CVE-2025-8875 and CVE-2025-8876. These vulnerabilities, which impact N-able N-central, are being actively exploited by cybercriminals, posing significant risks to organizations, particularly those within the federal government.

This article explores:

  • The details of the vulnerabilities added to the KEV Catalog.
  • The potential impact on organizations.
  • CISA’s directives for federal agencies and recommendations for all organizations.
  • Steps to mitigate these vulnerabilities effectively.

Understanding the Newly Added Vulnerabilities

1. CVE-2025-8875: N-able N-central Insecure Deserialization Vulnerability

Insecure deserialization vulnerabilities occur when untrusted data is used to abuse the logic of an application, potentially leading to remote code execution (RCE), denial-of-service (DoS) attacks, or other malicious activities. This vulnerability allows attackers to manipulate serialized data, compromising the integrity and security of the system.

2. CVE-2025-8876: N-able N-central Command Injection Vulnerability

Command injection vulnerabilities enable attackers to execute arbitrary commands on a vulnerable system. In this case, threat actors can exploit the vulnerability to gain control over the affected N-able N-central system, leading to unauthorized access, data breaches, or further system compromise.

Why These Vulnerabilities Matter

Vulnerabilities like CVE-2025-8875 and CVE-2025-8876 are frequently exploited by cybercriminals due to their potential for high-impact attacks. Organizations using N-able N-central are at risk of:

  • Unauthorized access to sensitive systems.
  • Data breaches that could expose confidential information.
  • Disruption of operations due to malicious activities.

Federal agencies, in particular, are mandated to address these vulnerabilities under CISA’s Binding Operational Directive (BOD) 22-011.

CISA’s Binding Operational Directive (BOD) 22-01

What Is BOD 22-01?

CISA’s Binding Operational Directive 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to:

  • Identify and remediate vulnerabilities listed in the KEV Catalog.
  • Prioritize patching based on the due dates specified by CISA.
  • Mitigate risks associated with known exploited vulnerabilities to protect federal networks.

Who Does It Apply To?

While BOD 22-01 is mandatory for FCEB agencies, CISA strongly recommends that all organizations, including private sector entities, adopt similar measures to reduce their exposure to cyber threats.

Recommendations for Organizations

1. Immediate Actions

  • Patch Vulnerabilities: Apply the latest security updates for N-able N-central to address CVE-2025-8875 and CVE-2025-8876.
  • Monitor Systems: Implement continuous monitoring to detect and respond to suspicious activities.
  • Review Access Controls: Ensure that least privilege principles are enforced to limit potential damage from exploits.

2. Long-Term Strategies

  • Adopt a Vulnerability Management Program: Regularly scan for and remediate vulnerabilities.
  • Educate Employees: Train staff on cybersecurity best practices to prevent social engineering attacks.
  • Stay Informed: Keep up-to-date with CISA’s KEV Catalog and other threat intelligence sources.

Conclusion

The addition of CVE-2025-8875 and CVE-2025-8876 to CISA’s KEV Catalog underscores the ongoing threat posed by exploited vulnerabilities. Organizations, especially those in the federal sector, must act swiftly to patch these vulnerabilities and strengthen their cybersecurity posture.

By following CISA’s guidelines and adopting proactive security measures, organizations can minimize risks and protect their systems from cyber threats.

Additional Resources

For further insights, check:

  1. Binding Operational Directive 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. CISA. Retrieved 2025-08-13. ↩︎

Cybersecurity, Vulnerabilities
cybersecurity vulnerability threat-intelligence
This post is licensed under CC BY 4.0 by the author.