CVE-2025-59784
Log Pollution in 2N Access Commander API via Admin Input
Publication date: 2026-03-04
Last updated on: 2026-03-05
Assigner: be69f613-e5f6-419b-800c-30351aa8933c
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 2n | access_commander | up to 3.4.2 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability affects 2N Access Commander version 3.4.1 and earlier. It is a log pollution issue where certain parameters sent over the API may be recorded in the system logs without proper validation or sanitisation.
This means that malicious or malformed data could be inserted into logs, potentially causing confusion or hiding malicious activity.
Exploitation requires the attacker to have authenticated administrator privileges.
How can this vulnerability impact me?
This vulnerability can lead to log pollution, which may obscure important log entries or inject misleading information into logs.
As a result, it can hinder incident detection and response efforts, making it harder to identify unauthorized activities or troubleshoot issues.
Since exploitation requires administrator access, the impact is limited to users with high privileges, but it still poses a risk to system integrity and monitoring.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know