.png?h=768&iar=0&w=1024&hash=5E7D486F681E9BDF800EB4E894EE2D33 "2N OS 3.2 News")
2N publishes new CVEs for 2N Access Commander
As part of our ongoing commitment to transparency and security, we are announcing five new CVE records. And for the first time, we’re officially publishing newly identified vulnerabilities under the 2N CNA account.
.png?h=1200&iar=0&w=1600&hash=E257B805F00C11A7DEA4C5C0010A25DB "CVE 2N Access Commander news")
About the discovered vulnerabilities
The vulnerabilities affect 2N Access Commander and were identified through a coordinated disclosure process.
The following CVEs have been assigned to the identified issues:
- CVE-2025-59783 – OS Command Injection over API
- CVE-2025-59784 – Log Pollution - Control Characters Not Escaped
- CVE-2025-59785 – API - Insufficient Input Validation
- CVE-2025-59786 – Cookies are not Invalidated upon Logout and Password Change
- CVE-2025-59787 – HTTP 5XX Internal Server Errors
Each CVE record contains a standardized description of the issue and references to relevant advisories and remediation guidance.
We would like to extend our sincere thanks to the Amazon Security team for responsibly reporting these issues directly to 2N. In particular, we thank Kevin Schaller and Dominik Schneider from Amazon Security for their professional collaboration throughout the disclosure process.
2N truly appreciates researchers and security teams who work with us to maintain the highest security standards across our products, solutions, and services. Responsible disclosure and strong cooperation with the security community are essential to protecting our customers.
Commitment to security and transparency
Publishing these five CVEs under the 2N CNA account marks an important milestone in strengthening our vulnerability management process and ensuring transparent communication with our customers and partners.
We remain committed to continuously improving the security posture of 2N products and responding promptly to reported issues.
Quick reminder: what are CVE and CNA?
CVE (Common Vulnerabilities and Exposures) is a globally recognized system for identifying and cataloging publicly disclosed cybersecurity vulnerabilities. Each CVE record provides a standardized reference that helps organizations, security professionals, and vendors coordinate vulnerability management and remediation efforts.
A CNA (CVE Numbering Authority) is an organization authorized to assign CVE identifiers to vulnerabilities affecting its products or within its scope. By publishing these CVEs directly under the 2N CNA account, we are reinforcing our proactive approach to vulnerability management and responsible disclosure.
Learn more
For detailed technical information, affected versions, mitigation steps, and the full list of discovered vulnerabilities, please visit our Security Advisory page.
Beyond addressing individual vulnerabilities, we continuously invest in broader cybersecurity education and best practices to help our customers strengthen their overall security resilience. To explore our overall approach to product security, cybersecurity principles, and practical recommendations, we also invite you to visit our Cybersecurity page and download our Cybersecurity eBook, where you will find actionable guidance and best practices for strengthening your system security.
