CVE-2025-59785 PUBLISHED

API - Insufficient Input Validation

Assigner: 2N
Reserved: 19.09.2025 Published: 04.03.2026 Updated: 04.03.2026

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
CVSS Score: 5.3

Product Status

Vendor 2N Telekomunikace a.s.
Product 2N Access Commander
Versions Default: unaffected
  • affected from 0 to 3.5 (excl.)

References

Problem Types

  • CWE-1286 – Improper Validation of Syntactic Correctness CWE

Impacts

  • CAPEC-153 — Input Data Manipulation