CVE-2025-59706

EUVD-2025-208987
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
n2wn2w
𝑥
< 4.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://n2ws.com/blog/security-advisory-update
https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025
https://www.n2ws.com