The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NN Able N Central
APPN-Able< 2024.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2025-8875CRITICAL9.4⚠ KEVPL ✓ten sam produkt
Deserializacja niezaufanych danych w N-Able N-Central umożliwia RCE
CVE-2025-8876CRITICAL9.4⚠ KEVPL ✓ten sam produkt
OS Command Injection w N-able N-central (przed wersją 2025.3.1)
CVE-2025-11367CRITICAL10.0PL ✓ten sam produkt
RCE przez deserialization w N-Able N-Central Software Probe
CVE-2025-11366CRITICAL9.4PL ✓ten sam produkt
Authentication bypass via path traversal w N-Able N-Central
CVE-2024-28200CRITICAL9.1PL ✓ten sam produkt
Authentication Bypass interfejsu użytkownika w N-Able N-Central