CVE-2025-59783

High CVSS: 8.8

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection.
This vulnerability can only be exploited after authenticating with administrator privileges.

Vendor

Product

Access Commander

CWE

CWE-78

Yayın Tarihi

2026-03-04 16:16:24

Güncelleme

2026-03-05 15:05:07

Source Identifier

be69f613-e5f6-419b-800c-30351aa8933c

KEV Date Added

Kategoriler

CWE-78 Access Commander HIGH 2n 2026

Referanslar

https://www.2n.com/en-GB/download/cve_2025_59783_acom_3_5_v1pdf

Benzer Kayıtlar

Medium

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be incl…

Medium

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password p…

Medium

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to…

Medium

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving…