{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T03:27:05.569","vulnerabilities":[{"cve":{"id":"CVE-2025-59785","sourceIdentifier":"be69f613-e5f6-419b-800c-30351aa8933c","published":"2026-03-04T16:16:25.307","lastModified":"2026-06-17T09:46:42.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\nThis vulnerability can only be exploited after authenticating with administrator privileges."},{"lang":"es","value":"Validación incorrecta del punto final de la API en 2N Access Commander versión 3.4.2 y anteriores permite al atacante eludir la política de contraseñas para el cifrado de archivos de copia de seguridad. Esta vulnerabilidad solo puede ser explotada después de autenticarse con privilegios de administrador."}],"affected":[{"source":"be69f613-e5f6-419b-800c-30351aa8933c","affectedData":[{"vendor":"2N Telekomunikace a.s.","product":"2N Access Commander","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"0","lessThan":"3.5","versionType":"Release","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"be69f613-e5f6-419b-800c-30351aa8933c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-04T16:17:02.568081Z","id":"CVE-2025-59785","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"be69f613-e5f6-419b-800c-30351aa8933c","type":"Secondary","description":[{"lang":"en","value":"CWE-1286"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5","matchCriteriaId":"F5E0C7F3-83DD-4DC1-A519-51626A3E6F85"}]}]}],"references":[{"url":"https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf","source":"be69f613-e5f6-419b-800c-30351aa8933c","tags":["Vendor Advisory"]}]}}]}