Access Commander
CVE-2025-59786
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
AnalysisAI
Insufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.
Technical ContextAI
CWE-613.
RemediationAI
Update.
More in Access Commander
View allAPI endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation al
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be incl
Access Commander contains a vulnerability that allows attackers to bypass password policy for backup file encryption (CV
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today