CVE-2025-59785

Medium CVSS: 5.3

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.
This vulnerability can only be exploited after authenticating with administrator privileges.

Vendor

Product

Access Commander

CWE

CWE-1286

Yayın Tarihi

2026-03-04 16:16:25

Güncelleme

2026-03-05 14:49:55

Source Identifier

be69f613-e5f6-419b-800c-30351aa8933c

KEV Date Added

Kategoriler

CWE-1286 Access Commander MEDIUM 2n 2026

Referanslar

https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf

Benzer Kayıtlar

Medium

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be incl…

Medium

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to…

Medium

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving…

High

CVE-2025-59783

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation al…