Earlier this year, N-able N-central popped up on the CISA KEV for two vulnerabilities: CVE-2025-8875 and CVE-2025-8876. This pair of vulnerabilities allow an authenticated attacker to achieve remote code execution via deserialization and command injection. Any time an authenticated vulnerability pops up in widely deployed enterprise software, it piques our interest to see if there is something more to find.