CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*

History

05 Mar 2026, 14:26

Type	Values Removed	Values Added
First Time		2n access Commander 2n
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~() https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf -~~	() https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf - Vendor Advisory
CPE		cpe:2.3:a:2n:access_commander::::::::

04 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-04 16:16

Updated : 2026-03-05 14:26

NVD link : CVE-2025-59787

Mitre link : CVE-2025-59787

CVE.ORG link : CVE-2025-59787

JSON object : View

Products Affected

2n

access_commander

CWE

CWE-703

Improper Check or Handling of Exceptional Conditions

{"id": "CVE-2025-59787", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "be69f613-e5f6-419b-800c-30351aa8933c", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-04T16:16:25.633", "references": [{"url": "https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf", "tags": ["Vendor Advisory"], "source": "be69f613-e5f6-419b-800c-30351aa8933c"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "be69f613-e5f6-419b-800c-30351aa8933c", "description": [{"lang": "en", "value": "CWE-703"}]}], "descriptions": [{"lang": "en", "value": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts."}], "lastModified": "2026-03-05T14:26:26.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5E0C7F3-83DD-4DC1-A519-51626A3E6F85", "versionEndExcluding": "3.5"}], "operator": "OR"}]}], "sourceIdentifier": "be69f613-e5f6-419b-800c-30351aa8933c"}