CVE-2025-59786
Session Token Invalidity in 2N Access Commander Allows Session Hijacking
Publication date: 2026-03-04
Last updated on: 2026-03-05
Assigner: be69f613-e5f6-419b-800c-30351aa8933c
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 2n | access_commander | up to 3.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in 2N Access Commander version 3.4.2 and earlier, where the application improperly invalidates session tokens. Specifically, after a user logs out, multiple session cookies remain active instead of being properly invalidated.
How can this vulnerability impact me?
Because session tokens are not properly invalidated upon logout, an attacker or unauthorized user could potentially reuse active session cookies to gain access to the web application without needing to authenticate again. This could lead to unauthorized access and potential compromise of sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know