Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
2N Access Commander: Unauthenticated Admins Can Execute Unauthorized Commands
CVE-2025-59783
Summary
The user synchronization API in 2N Access Commander version 3.4.1 allows administrators to execute unauthorized system commands. To fix this issue, update to a patched version of the software. However, note that this vulnerability requires an authenticated administrator to exploit it.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| 2n | access_commander | <= 3.4.2 | – |
Original title
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection.
This vulnerability can only be exploited af...
Original description
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection.
This vulnerability can only be exploited after authenticating with administrator privileges.
This vulnerability can only be exploited after authenticating with administrator privileges.
nvd CVSS3.1
7.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-78
OS Command Injection
- https://www.2n.com/en-GB/download/cve_2025_59783_acom_3_5_v1pdf Vendor Advisory
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026