CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*

History

17 Jun 2026, 09:46

Type	Values Removed	Values Added
Summary		(es) La aplicación 2N Access Commander versión 3.4.2 y anteriores devuelve respuestas de error interno del servidor HTTP 500 al recibir solicitudes malformadas o manipuladas, lo que indica un manejo inadecuado de entrada inválida y posibles impactos en la seguridad o disponibilidad.

05 Mar 2026, 14:26

Type	Values Removed	Values Added
First Time		2n access Commander 2n
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~() https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf -~~	() https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf - Vendor Advisory
CPE		cpe:2.3:a:2n:access_commander::::::::

04 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-04 16:16

Updated : 2026-06-17 09:46

NVD link : CVE-2025-59787

Mitre link : CVE-2025-59787

CVE.ORG link : CVE-2025-59787

JSON object : View

Products Affected

2n

access_commander

CWE

CWE-703

Improper Check or Handling of Exceptional Conditions

{"id": "CVE-2025-59787", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-59787", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-05T19:00:54.958469Z"}}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "be69f613-e5f6-419b-800c-30351aa8933c", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "be69f613-e5f6-419b-800c-30351aa8933c", "affectedData": [{"vendor": "2N Telekomunikace a.s.", "product": "2N Access Commander", "versions": [{"status": "affected", "version": "0", "lessThan": "3.5", "versionType": "Release"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}]}], "published": "2026-03-04T16:16:25.633", "references": [{"url": "https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf", "tags": ["Vendor Advisory"], "source": "be69f613-e5f6-419b-800c-30351aa8933c"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "be69f613-e5f6-419b-800c-30351aa8933c", "description": [{"lang": "en", "value": "CWE-703"}]}], "descriptions": [{"lang": "en", "value": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts."}, {"lang": "es", "value": "La aplicaci\u00f3n 2N Access Commander versi\u00f3n 3.4.2 y anteriores devuelve respuestas de error interno del servidor HTTP 500 al recibir solicitudes malformadas o manipuladas, lo que indica un manejo inadecuado de entrada inv\u00e1lida y posibles impactos en la seguridad o disponibilidad."}], "lastModified": "2026-06-17T09:46:43.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5E0C7F3-83DD-4DC1-A519-51626A3E6F85", "versionEndExcluding": "3.5"}], "operator": "OR"}]}], "sourceIdentifier": "be69f613-e5f6-419b-800c-30351aa8933c"}