CVE-2025-59785
Authentication-Required API Validation Bypass in 2N Access Commander
Publication date: 2026-03-04
Last updated on: 2026-03-05
Assigner: be69f613-e5f6-419b-800c-30351aa8933c
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 2n | access_commander | up to 3.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in 2N Access Commander version 3.4.2 and earlier. It involves improper validation of an API endpoint, which allows an attacker to bypass the password policy that is supposed to protect backup file encryption.
However, exploitation of this vulnerability requires the attacker to already have authenticated with administrator privileges.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with administrator access to bypass the password policy protecting backup file encryption. This could lead to weaker encryption or unprotected backup files, potentially exposing sensitive data contained within those backups.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know