- Last update: 14/11/2025
- Affected software: N-able N-Central software versions prior to 2025.4
- Type:
→ CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
→ CWE-502: Deserialization of Untrusted Data
- CVE/CVSS:
→ CVE-2025-11366: CVSS 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
→ CVE-2025-11367: CVSS 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
N-able CVE-2025-11366 - https://me.n-able.com/s/security-advisory/aArVy0000000rcDKAQ/cve202511366-ncentral-authentication-bypass-via-path-traversal
N-able CVE-2025-11367 - https://me.n-able.com/s/security-advisory/aArVy0000000rfRKAQ/cve202511367-ncentral-windows-software-probe-remote-code-execution
N-able is a company that makes software (N-central) for remote monitoring and management (RMM). Various managed service providers (MSPs) use N-able software to oversee, secure, and maintain their clients’ IT systems.
On the 12th of November 2025, N-able published two vulnerabilities (CVE-2025-11366, CVE-2025-11367) and their patches. An unauthenticated, network-based threat actor can exploit these vulnerabilities to execute code without any user interaction.
As of the time of writing this advisory, there is no information that either vulnerability is actively exploited in the wild. Similarly, there is no publicly available proof-of-concept.
Attackers could target N-central to gain access to multiple targets at once: because RMM platforms have privileged access and push commands and updates to many clients, exploiting these vulnerabilities can give an attacker the ability to enter and disrupt large-scale networks.
The exploitation of either vulnerability has a high impact on all aspects of the CIA triad (Confidentiality, Integrity, Availability).
**CVE-2025-11366:** A low-privileged attacker who exploits this Path Traversal vulnerability can compromise the system remotely after gaining unauthorized access to it. That can have grave consequences such as unauthorized data access, system degradation and disruption.
**CVE-2025-11367:** A remote attacker without any privileges who exploits this Deserialization of Untrusted Data vulnerability can execute code without user interaction. That can lead to lateral movement, data theft and eventually complete system compromise.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
NVD CVE-2025-11366 - https://nvd.nist.gov/vuln/detail/CVE-2025-11366
NVD CVE-2025-11367 - https://nvd.nist.gov/vuln/detail/CVE-2025-11367