{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59706", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T14:44:42.223Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:44:42.223Z"}, "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:n2w:n2w:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4264B27-18CB-4020-B7D6-8A902851078A", "versionEndExcluding": "4.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution."}], "id": "CVE-2025-59706", "lastModified": "2026-03-26T20:35:31.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T15:16:29.140", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://n2ws.com/blog/security-advisory-update"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.n2ws.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.3.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.1)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "n2w", "vendor": "n2ws"}], "analysis": {"en": {"generated_at": "2026-03-26T13:28:43.703841+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch that updates N2W to version 4.3.2 or later 4.4.1.", "If an immediate update is unavailable, restrict API access to trusted hosts or lower the API\u2019s permitted actions until a patch can be applied.", "Continuously monitor API traffic for anomalous requests that do not conform to expected parameters and alert on repeated violations."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "N2W products are affected, specifically any installations running N2W versions earlier than 4.3.2 and N2W 4.4.0 prior to 4.4.1. The issue is tied to the API interface exposed to external clients.", "description_and_impact": "This vulnerability allows an attacker to execute arbitrary code on vulnerable N2W systems by sending specially crafted API requests that bypass input validation. When the improper validation is exploited, an attacker can gain full control of the target machine, compromising confidentiality, integrity, and availability of the system and the data it processes.", "risk_and_exploitability": "The lack of a CVSS or EPSS score and the absence of a listing in CISA\u2019s KEV catalog suggest that the vulnerability has not yet been widely exploited, but its remote code execution nature places it in the high-risk category. Attackers can trigger exploitation over the network by sending API calls to the vulnerable endpoint; no local privilege or user interaction is required. The practical risk is significant, especially for services exposed directly to the internet."}}}}, "created": "2026-03-25T20:57:05.282280+00:00", "title": "Remote Code Execution via Improper API Parameter Validation in N2W", "updated": "2026-03-26T13:55:15.678135+00:00", "vendors": ["n2ws", "n2ws$PRODUCT$n2w"], "weaknesses": ["CWE-20"]}