Access Commander
CVE-2025-59785
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
AnalysisAI
Access Commander contains a vulnerability that allows attackers to bypass password policy for backup file encryption (CVSS 7.2).
Technical ContextAI
affects Access Commander. Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Access Commander
View allInsufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation al
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be incl
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today