Primary

Context

N-able N-central Unauthenticated Session ID Generation Vulnerability

Vulnerability

Patched

A vulnerability exists in N-able N-central versions prior to 2025.4, allowing the generation of session IDs for unauthenticated users. This issue is categorized as improper access control, as it could potentially be exploited to create unauthorized sessions.

Impact

Exploitation of this vulnerability could lead to unauthorized session creation, allowing an attacker to impersonate a user or gain access to restricted areas of the application.

Remediation

Users are advised to upgrade to N-central version 2025.4.

Added: Nov 12, 2025, 4:17 PM

Updated: Nov 12, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.0

exploitability

7.0

remediation

7.7

relevance

1.0

threat

1.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.0

exploitability

7.0

remediation

7.7

relevance

1.0

threat

1.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

N-able N-central Unauthenticated Session ID Generation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

N-able N-central

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating