CVE-2025-59706
Awaiting Analysis Awaiting Analysis - Queue

Remote Code Execution via API Parameter Validation in N2W

Vulnerability report for CVE-2025-59706, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-25

Last updated on: 2026-04-25

Assigner: MITRE

Description

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-25
Last Modified
2026-04-25
Generated
2026-07-06
AI Q&A
2026-03-25
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
n2ws n2w to 4.3.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-59706 is a critical security vulnerability in N2W Software versions before 4.3.2 and 4.4.0 before 4.4.1. It is caused by improper validation of API request parameters, which allows an attacker to execute remote code on the affected system.

Impact Analysis

This vulnerability can have a severe impact as it enables remote code execution, meaning an attacker could run arbitrary code on your system remotely. This could lead to unauthorized access, data theft, system compromise, or disruption of services.

Detection Guidance

To detect this vulnerability on your system, you should monitor API and user activity logs for suspicious behavior that may indicate exploitation attempts.

While specific commands are not provided, reviewing API request logs and searching for unusual or malformed API parameters could help identify potential attacks.

Mitigation Strategies

Immediate mitigation steps include upgrading N2W Software to at least version 4.3.2, preferably to the latest release 4.4.1 or newer, where the vulnerability has been fixed.

Additionally, review your security policies and apply worker node hardening as detailed in the release notes to strengthen your environment.

Monitoring API and user activity logs for suspicious behavior is also recommended to detect any ongoing exploitation attempts.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59706. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart