CVE-2025-59784
Published: 04 March 2026
Summary
CVE-2025-59784 is a high-severity Improper Output Neutralization for Logs (CWE-117) vulnerability in 2N Access Commander. Its CVSS base score is 7.2 (High).
Operationally, it ranks at the 18.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise Techniques (AI)
Insufficient information to map techniques.
NVD Description
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.
Deeper analysis (AI)
CVE-2025-59784 is a log pollution vulnerability (CWE-117) affecting 2N Access Commander version 3.4.1 and prior versions. The issue arises when certain parameters sent over the API are included in logs without prior validation or sanitization. The CVE was published on 2026-03-04 with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability requires an attacker to first authenticate with administrator privileges before exploitation. A malicious administrator can send crafted API parameters that pollute the logs with unsanitized content, potentially leading to high impacts on confidentiality, integrity, and availability as indicated by the CVSS vector.
The vendor 2N has published an advisory detailing mitigation at https://www.2n.com/en-GB/download/cve_2025_59784_acom_3_5_v1pdf, which references Access Commander 3.5.
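The weakness class described above (CWE-117) is addressed by neutralizing untrusted values at the point where they are written to the log. The following is an added example, not code from 2N or from the advisory: a Python `logging` filter that escapes control characters in every format argument so that one API call produces exactly one log line. The logger name, the message text and the sample parameter value are constructed for illustration.

```python
import io
import logging
import re

# Control characters (CR, LF, ESC, ...) plus Unicode line/paragraph separators.
_UNSAFE = re.compile(r"[\x00-\x1f\x7f\u0085\u2028\u2029]")


def neutralize(value, max_len=256):
    """Return a single-line, length-bounded rendering of an untrusted value."""
    text = str(value)
    # Escape backslashes first, so an escaped newline stays distinguishable
    # from a literal backslash sequence typed by the client.
    text = text.replace("\\", "\\\\")
    text = _UNSAFE.sub(lambda m: "\\u%04x" % ord(m.group()), text)
    return text if len(text) <= max_len else text[:max_len] + "...[truncated]"


class NeutralizingFilter(logging.Filter):
    """Neutralize all format arguments before the record is rendered.

    Arguments become strings, so log format strings must use %s.
    """

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: neutralize(v) for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(neutralize(a) for a in record.args)
        return True


def render_audit_line(param_value):
    """Log one hypothetical API parameter and return the text that was logged."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(NeutralizingFilter())
    logger = logging.getLogger("audit_example")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("device renamed name=%s", param_value)
    return stream.getvalue()


if __name__ == "__main__":
    # Constructed input: a value carrying CR/LF followed by a fake log entry.
    print(render_audit_line("Lobby\r\nINFO login ok user=alice"), end="")
```

Attaching the filter to the handler rather than to individual call sites means a new log statement cannot bypass neutralization by omission.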
Details
- CWE(s)