N-able N-central < 2024.2 - Authentication Bypass Detection

N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions. id: CVE-2024-28200 info: name: N-able N-central 2024.2 - Authentication Bypass Detection...

N-central - Authentication Bypass

N-central 3 matchers-condition: and matchers: - type: word words: - "SessionID" - "sessionHelloResponse" condition: and - type: status...

N-central - XML External Entities Injection

N-central versions %xxe; rand http: - raw: - | POST /dms/services/ServerUI HTTP/2 Host: Hostname Content-Type: text/xml Soapaction: ""...

Exploit for Improper Restriction of XML External Entity Reference in N-Able N-Central

No d...

Metasploit Wrap-Up 12/19/2025

React2Shell Payload Improvements Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is...

VulnCheck KEV: CVE-2025-9316

N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...

VulnCheck KEV: CVE-2025-11700

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

N-able N-Central Authentication Bypass and XXE Scanner

This module scans for vulnerable N-able N-Central instances affected by CVE-2025-9316 Unauthenticated Session Bypass and CVE-2025-11700 XXE. The module attempts to exploit CVE-2025-9316 by sending a sessionHello SOAP request to the ServerMMS endpoint with various appliance IDs to obtain an...

CVE-2025-11367

The N-central Software Probe 2025.4 is vulnerable to Remote Code Execution via deserialization...

CVE-2025-11366

N-central 2025.4 is vulnerable to authentication bypass via path traversal...

CVE-2025-11700

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

EUVD-2025-131914

N-central versions 2025.4 are vulnerable to an XML External Entities injection leading to information disclosure...

EUVD-2025-131913

N-central 2025.4 is vulnerable to authentication bypass via path traversal...

EUVD-2025-131915

N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...

CVE-2025-9316

N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...

CVE-2025-11700

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

CVE-2025-11700

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

CVE-2025-11366

N-central 2025.4 is vulnerable to authentication bypass via path traversal...

CVE-2025-11366

N-central 2025.4 is vulnerable to authentication bypass via path traversal...

CVE-2025-11367

The N-central Software Probe 2025.4 is vulnerable to Remote Code Execution via deserialization...