Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
2N Access Commander Log Pollution Risk on Unvalidated API Parameters
CVE-2025-59784
Summary
2N Access Commander versions 3.4.1 and earlier can write malicious data to logs if an attacker sends untrusted data through the API, compromising log integrity. This requires an attacker to have administrator access to the system. It's recommended to update to a patched version of 2N Access Commander to prevent this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| 2n | access_commander | <= 3.4.2 | – |
Original title
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.
This vulnerability...
Original description
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.
This vulnerability can only be exploited after authenticating with administrator privileges.
This vulnerability can only be exploited after authenticating with administrator privileges.
nvd CVSS3.1
7.2
nvd CVSS4.0
6.9
Vulnerability type
CWE-117
- https://www.2n.com/en-GB/download/cve_2025_59784_acom_3_5_v1pdf Vendor Advisory
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026