Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

N-Central is N-able's remote managing and monitoring solution. There was two vulnerabilities in the software. While reviewing the software, they found two more. This reports on all four of them.

CVE-2025-8875 was an insecure deserialization bug. ObjectInputStream is used to create an object from raw bytes. Using user controlled data, this could be used to create arbitrary objects. Although not explicitly stated, this commonly leads to RCE in Java-based products. CVE-2025-8876 was a simple command injection from input provided directly to Runtime.getRuntime().execute(). Both of these were on legacy APIs but required valid sessions.

They found that authentication could be bypassed via some pre-configured authentication information for various appliances. So, many authenticated endpoints, besides the SOAP ones, could be triggered using this. This opened up much more attack surface for them to work with and a partial authentication bypass.

While using grep for functions that use XML, they found a parser that wasn't configured with secure defaults. So, this led to an XXE issue. They used this vulnerability to retrieve arbitrary files on disk. In all likelihood, this would lead to a complete compromise of the system via extracting configuration, backup and database information with credentials.

Overall, a great chain of vulnerabilities to go from unauthenticated to taking over the machine directly. Great work!