CVE-2025-59785

EPSS 0.19%
Veröffentlicht 04.03.2026 15:30:31
Zuletzt bearbeitet 05.03.2026 14:49:55
Quelle be69f613-e5f6-419b-800c-30351a
CVE-Watchlists
Login
Unerledigt
Login

API - Insufficient Input Validation

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.
This vulnerability can only be exploited after authenticating with administrator privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

2n ≫ Access Commander Version < 3.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.086

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
be69f613-e5f6-419b-800c-30351aa8933c	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59785

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-59785