Home / Vulnerability Intelligence / CVE-2025-59786

CVE-2025-59786 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 5, 2026

2N Access Commander - Authentication Bypass

Published: March 4, 2026Updated: March 5, 2026Remote Exploitable

Overview

2N Access Commander <= 3.4.2 contains a broken authentication caused by improper invalidation of session tokens, letting attackers maintain multiple active session cookies after logout, exploit requires user logout action.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.4%(Probability of exploitation in next 30 days)

Impact

Attackers can maintain active sessions after logout, potentially leading to unauthorized access or session hijacking.

Mitigation

Update to the latest version beyond 3.4.2.

References

https://www.2n.com/en-GB/download/cve_2025_59786_acom_3_5_v1pdf

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 5, 2026

🔴 CVE-2025-59786 - Critical (9.8) 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59786/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-59786
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: confirmed
EPSS: 4.4%
Social Posts: 1

CWE

CWE-613

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.4%Probability of exploitation in the next 30 days