CVE-2025-10231
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-09-22
Assigner: N-able
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n-able | n-central | to 2025.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect File Handling Permission bug in the N-central Windows Agent and Probe. Under certain conditions, it allows a local low-level user to execute commands with elevated permissions, potentially gaining higher access than intended.
How can this vulnerability impact me? :
The vulnerability can allow a local low-level user to run commands with elevated permissions, which could lead to unauthorized actions on the system, compromising confidentiality, integrity, and availability of data and system resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or methods to detect this vulnerability on your network or system. However, the N-central 2025.3.1 release notes mention enhanced User Audit Log Export capabilities that audit additional user actions and session enforcement improvements, which could help in monitoring suspicious activities related to this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade to N-central version 2025.3.1, which includes a critical security fix addressing CVE-2025-10231. This update improves security by fixing the incorrect file handling permission bug and enhancing session enforcement and audit logging. [1]