CVE-2025-59783 | THREATINT

Description

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.

PUBLISHED Reserved 2025-09-19 | Published 2026-03-04 | Updated 2026-03-04 | Assigner 2N

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

Any version before 3.4.2

affected

References

www.2n.com/en-GB/download/cve_2025_59783_acom_3_5_v1pdf vendor-advisory

cve.org (CVE-2025-59783)

nvd.nist.gov (CVE-2025-59783)

Download JSON