CVE-2025-59786

EUVD-2025-208279
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
2naccess_commander
𝑥
< 3.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.2n.com/en-GB/download/cve_2025_59786_acom_3_5_v1pdf