{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59707", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T14:45:16.648Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:45:16.648Z"}, "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:n2w:n2w:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4264B27-18CB-4020-B7D6-8A902851078A", "versionEndExcluding": "4.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:n2w:n2w:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6E7024C-B217-40B8-A078-2F8598D9EA39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}], "id": "CVE-2025-59707", "lastModified": "2026-03-26T20:36:00.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T15:16:29.257", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://n2ws.com/blog/security-advisory-update"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.n2ws.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.3.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.4.1)"}}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}]}, "product": "n2w", "vendor": "n2ws"}], "analysis": {"en": {"generated_at": "2026-03-26T13:28:24.854134+00:00", "value": {"mitigation_remediation": ["Update to N2W version 4.3.2 or later. ", "Update to N2W version 4.4.1 or later. ", "If an immediate upgrade is not possible, restrict exposure of the affected endpoints to trusted IP ranges. ", "Monitor application logs for anomalous request patterns that may indicate spoofing attempts. ", "Verify that all user inputs are properly sanitized and authenticated before processing."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects N2W products running versions prior to 4.3.2 and 4.4.x prior to 4.4.1. All deployments of these older releases are impacted.", "description_and_impact": "A spoofing vulnerability in N2W allows an attacker to craft spoofed requests that can be executed remotely, leading to code execution on the server and theft of account credentials. This flaw can compromise the confidentiality, integrity, and availability of the system, potentially giving an attacker full control over the affected instance.", "risk_and_exploitability": "The potential impact is high because an attacker could execute arbitrary code and obtain credentials. No CVSS or EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so the exact likelihood of exploitation remains unknown. The attack vector is inferred to be remote, over the network, via crafted requests to the vulnerable endpoint."}}}}, "created": "2026-03-25T20:57:04.262479+00:00", "title": "Remote Code Execution via Spoofing in N2W versions prior to 4.4.1", "updated": "2026-03-26T13:55:14.655481+00:00", "vendors": ["n2ws", "n2ws$PRODUCT$n2w"], "weaknesses": ["CWE-200", "CWE-285"]}