CVE Field Guide
About Us
CVE-2025-11366
PUBLISHED
N-central Authentication bypass via path traversal
Assigner:
N-able
Reserved:
06.10.2025
Published:
12.11.2025
Updated:
12.11.2025
N-central < 2025.4 is vulnerable to authentication bypass via path traversal
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score:
9.4
CVSS score
9.4
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
High
Confidentiality
High
Attack Complexity
Low
Integrity
High
Integrity
High
Attack Requirements
None
Availability
High
Availability
High
Privileges Required
Low
User Interaction
None
CVSS 4.0
Product Status
Vendor
N-able
Product
N-central
Versions
Default:
unaffected
affected from 0 to 2025.4 (excl.)
References
https://me.n-able.com/s/security-advisory/aArVy0000000rcDKAQ/cve202511366-ncentral-authentication-bypass-via-path-traversal
Problem Types
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE
Impacts
CAPEC-115 Authentication Bypass