{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59707", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T14:45:16.648Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:45:16.648Z"}, "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}], "id": "CVE-2025-59707", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T15:16:29.257", "references": [{"source": "cve@mitre.org", "url": "https://n2ws.com/blog/security-advisory-update"}, {"source": "cve@mitre.org", "url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"source": "cve@mitre.org", "url": "https://www.n2ws.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T17:31:10.235062+00:00", "value": {"mitigation_remediation": ["Apply the latest N2W patch (v4.3.2 or later, or v4.4.1 or later).", "If an immediate upgrade is not possible, restrict access to the web interface and monitor for suspicious activity."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "N2W software versions older than 4.3.2 and N2W 4.4.x prior to 4.4.1 are affected.", "description_and_impact": "A spoofing vulnerability in N2W permits an attacker to impersonate authorized users, potentially enabling remote code execution and the theft of account credentials.", "risk_and_exploitability": "The vulnerability enables remote code execution and credential theft, making it a high\u2011risk issue. No CVSS or EPSS score is provided, and it is not listed in KEV. The likely attack vector is over the network via the web interface, though this is inferred from the remote code execution potential."}}}}, "created": "2026-03-25T20:57:04.262479+00:00", "title": "Spoofing Vulnerability in N2W Allowing Remote Code Execution and Credential Theft", "updated": "2026-03-25T20:57:04.262524+00:00", "vendors": [], "weaknesses": ["CWE-287", "CWE-306"]}