CVE-2025-59785
Published: 04 March 2026
Summary
CVE-2025-59785 is an Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in 2N Access Commander. Its CVSS base score is given here as 5.3 (Medium), although the CVSS v3.1 vector quoted under Deeper analysis (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) evaluates to 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit likelihood ranks at the 17.4th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-28 (Protection of Information at Rest) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-59785 is an improper-validation vulnerability in an API endpoint of 2N Access Commander version 3.4.2 and earlier. It allows an authenticated administrator to bypass the password policy that is supposed to apply to the password used to encrypt backup files. The issue is cataloged under CWE-1286 and carries a CVSS v3.1 base score of 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability was published on 2026-03-04.
Exploitation requires an attacker to first authenticate with administrator privileges on the affected system (the PR:H component of the vector). Once authenticated, the attacker can call the vulnerable API endpoint directly, sidestepping the password-policy check during backup creation and producing a backup encrypted under a weak, guessable password. Anyone who later obtains such a backup file can attack it offline and expose the sensitive configuration data, user credentials, or access-control information it contains. The remaining vector components (network reachable, low attack complexity, no user interaction, high confidentiality, integrity and availability impact) are what drive the 7.2 score.
The vendor 2N has issued an advisory detailing mitigation, available at https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf, and the issue is fixed in Access Commander version 3.5. Practitioners should upgrade promptly, review access and audit logs on vulnerable installations for unexpected administrator activity and for backups created through the API, and treat backups produced on affected versions as potentially protected by a weaker password than policy intended.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208278
Vulnerability details
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
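The description above is the whole of what the page says about the flaw: an API endpoint that does not itself enforce the backup-encryption password policy. The following added example is not 2N code and does not reflect Access Commander's actual API, policy or backup format, all of which are hypothetical here. It contrasts an endpoint that trusts the caller (or the UI) about policy compliance, the CWE-1286 shape, with one that validates its own input, and shows why the difference matters once a backup file leaks: the backup made through the unchecked endpoint falls to a short offline guess, the other does not.

```python
"""Server-side enforcement of a backup-encryption password policy.

Added example, not 2N code: the endpoint, policy values and backup format are
hypothetical. It contrasts an endpoint that trusts the caller about policy
compliance (the CWE-1286 shape behind this CVE) with one that validates its own
input, and shows why the difference matters once a backup file leaks.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


# Hypothetical policy; the real product's policy is not stated on the page.
@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12
    min_classes: int = 3  # of lowercase, uppercase, digit, symbol
    banned: Tuple[str, ...] = ("password", "admin", "backup", "1234")


_CLASSES = (re.compile(r"[a-z]"), re.compile(r"[A-Z]"),
            re.compile(r"[0-9]"), re.compile(r"[^A-Za-z0-9]"))
_ITERATIONS = 100_000  # PBKDF2 work factor; kept modest so the demo runs quickly


def policy_violations(password: str, policy: PasswordPolicy = PasswordPolicy()) -> List[str]:
    """Every rule the password breaks; an empty list means it is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = sum(1 for rx in _CLASSES if rx.search(password))
    if classes < policy.min_classes:
        problems.append(f"only {classes} of {policy.min_classes} required character classes")
    if password.lower() in policy.banned:
        problems.append("on the banned list")
    return problems


def _wrap(password: str, salt: bytes) -> Dict[str, bytes]:
    """Derive the backup key with PBKDF2-HMAC-SHA256 and store a key-check value
    (truncated hash of the key) beside the salt. The cipher step that would
    encrypt the payload with the key is omitted from this example."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)
    return {"salt": salt, "kcv": hashlib.sha256(key).digest()[:8]}


def create_backup_vulnerable(password: str, policy_ok: bool = True) -> Dict[str, bytes]:
    """Vulnerable shape: the endpoint relies on a client-supplied assertion (or on
    the UI having checked) instead of validating the password itself, so a direct
    API call with any password succeeds."""
    if not policy_ok:
        raise ValueError("client reported a policy violation")
    return _wrap(password, os.urandom(16))


def create_backup_hardened(password: str,
                           policy: PasswordPolicy = PasswordPolicy()) -> Dict[str, bytes]:
    """Hardened shape: the server re-validates the password on every request and
    refuses to derive a key from one that fails policy."""
    problems = policy_violations(password, policy)
    if problems:
        raise ValueError("backup password rejected: " + "; ".join(problems))
    return _wrap(password, os.urandom(16))


def recover_password(backup: Dict[str, bytes], candidates: List[str]) -> Optional[str]:
    """Offline guess against a leaked backup: recompute the key-check value for
    each candidate password and compare in constant time."""
    for cand in candidates:
        key = hashlib.pbkdf2_hmac("sha256", cand.encode("utf-8"), backup["salt"], _ITERATIONS)
        if hmac.compare_digest(hashlib.sha256(key).digest()[:8], backup["kcv"]):
            return cand
    return None


if __name__ == "__main__":
    weak = create_backup_vulnerable("1234")  # accepted: no server-side check
    print("recovered from weak backup:", recover_password(weak, ["admin", "0000", "1234"]))
    try:
        create_backup_hardened("1234")
    except ValueError as exc:
        print(exc)
```

The defensive point is that the policy check lives in the request handler, after deserialisation and before key derivation, and the client has no input into whether it runs; any flag, header or earlier UI step that claims the password was already checked is itself untrusted input.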
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerable API endpoint is network-reachable, so exploitation is mapped to Exploit Public-Facing Application (T1190), with the caveat that it requires administrator credentials rather than an unauthenticated request. The outcome, backup files protected by a password weaker than policy allows, maps to credential exposure from files (T1552.001, Unsecured Credentials: Credentials In Files).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of API inputs, which blocks the improper endpoint handling that bypasses the backup encryption password policy.
- SC-28 (Protection of Information at Rest): mandates cryptographic protection of information at rest, so that backup files remain confidential even if a weak encryption password is accepted.
- Backup protection: requires protection of backup confidentiality and integrity per the system security plan, mitigating exposure from backups whose encryption password bypassed policy.