{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59706", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T14:44:42.223Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:44:42.223Z"}, "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution."}], "id": "CVE-2025-59706", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T15:16:29.140", "references": [{"source": "cve@mitre.org", "url": "https://n2ws.com/blog/security-advisory-update"}, {"source": "cve@mitre.org", "url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"source": "cve@mitre.org", "url": "https://www.n2ws.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T18:22:58.677434+00:00", "value": {"mitigation_remediation": ["Upgrade to N2W version 4.3.2 or later, or 4.4.1 or later", "Verify that the system is running a non\u2011vulnerable version", "If patching cannot be performed immediately, restrict API endpoint access to trusted networks", "Monitor logs and network traffic for suspicious API requests or execution errors", "Keep the system updated with future security releases"], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "All installations of N2W running a version earlier than 4.3.2 or 4.4.0 before 4.4.1 are affected. The vulnerability exists in the core API layer that normal users or administrators communicate with over HTTP or HTTPS.", "description_and_impact": "Improper validation of API request parameters allows an attacker to supply malicious input that is executed by the application, granting the ability to run arbitrary code on the host. This flaw stems from a failure to sanitize user-supplied data, a common root of remote code execution weaknesses. The impact is a full compromise of the system, exposing confidentiality, integrity, and availability of the affected services.", "risk_and_exploitability": "The CVSS score is not published but the severity is high. Based on the description, the likely attack vector is through network communication to exposed API endpoints; an attacker only requires connectivity to the N2W service and does not need local privileges or special configuration. This vulnerability is not listed in the Known Exploited Vulnerabilities catalog, and no public exploits have been reported yet. As a result, the risk of exploitation remains significant given the severe consequences of remote code execution."}}}}, "created": "2026-03-25T20:57:05.282280+00:00", "title": "Remote Code Execution via Unvalidated API Parameters in N2W", "updated": "2026-03-25T20:57:05.282313+00:00", "vendors": [], "weaknesses": ["CWE-20", "CWE-94"]}