{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59706", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T14:44:42.223Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:44:42.223Z"}, "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution."}], "id": "CVE-2025-59706", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T15:16:29.140", "references": [{"source": "cve@mitre.org", "url": "https://n2ws.com/blog/security-advisory-update"}, {"source": "cve@mitre.org", "url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"source": "cve@mitre.org", "url": "https://www.n2ws.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.3.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.1)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "n2w", "vendor": "n2ws"}], "analysis": {"en": {"generated_at": "2026-03-26T01:41:35.370163+00:00", "value": {"mitigation_remediation": ["Upgrade N2W to version 4.3.2 or later, or 4.4.1 or later, following the vendor release notes.", "If an upgrade is not immediately possible, restrict API access to trusted IP ranges or place the service behind a firewall.", "Regularly audit API logs for anomalous activity and apply any additional patches or security controls as they become available."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Users running N2W versions earlier than 4.3.2 for the 4.3 series and earlier than 4.4.1 for the 4.4 series are susceptible. The vulnerability affects the main N2W application and all services exposed via its API.", "description_and_impact": "In N2W versions before 4.3.2 and 4.4.0 before 4.4.1, API request parameters are not properly validated, allowing an attacker to inject malicious input that is interpreted as code by the server. This flaw can be exploited to execute arbitrary commands with the privileges of the application, exposing the system to total compromise. The weakness corresponds to input validation failures and improper code generation controls, which can lead to full control of the affected instance, jeopardizing confidentiality, integrity, and availability.", "risk_and_exploitability": "The flaw offers a straightforward remote code execution path for anyone who can reach the API endpoint. While no CVSS or EPSS values are publicly available, the high-level classification of the issue and its enabling of arbitrary code execution imply a high severity. Because the attack requires only unsanitized input to a documented API, the threat of exploitation is considerable, especially for exposed instances that have not been patched or whose API access is not mitigated."}}}}, "created": "2026-03-25T20:57:05.282280+00:00", "updated": "2026-03-26T12:18:43.538212+00:00", "vendors": ["n2ws", "n2ws$PRODUCT$n2w"]}