CVE-2025-59783

CVSS v4.0

8.8

High

Vector

AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions 2N Access Commander version 3.4.1

Description The user synchronization API endpoint in 2N Access Commander version 3.4.1 lacks sufficient input validation, which allows for OS command injection. Exploitation requires administrator privileges.

Recommendations Apply input validation to the user synchronization API endpoint.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2025-59783

Affected Products

2N Access Commander

CVE-2025-59783

Weakness Enumeration

Related Identifiers

Affected Products

References · 7