{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59707", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T03:57:12.342Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:45:16.648Z"}, "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T03:56:38.939659Z", "id": "CVE-2025-59707", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:57:12.342Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-59707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T03:56:38.939659Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:57:07.328Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.n2ws.com"}, {"url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"url": "https://n2ws.com/blog/security-advisory-update"}], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T14:45:16.648Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59707", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:57:12.342Z", "dateReserved": "2025-09-19T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-25T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:n2ws:n2w:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5D0510D-0043-47A2-A54C-CCEAB98B60E8", "versionEndExcluding": "4.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:n2ws:n2w:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD863497-1374-4081-B7C7-75EC4F702E91", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability."}, {"lang": "es", "value": "En N2W antes de 4.3.2 y 4.4.x antes de 4.4.1, existe potencial ejecuci\u00f3n remota de c\u00f3digo y robo de credenciales de cuenta debido a una vulnerabilidad de suplantaci\u00f3n de identidad."}], "id": "CVE-2025-59707", "lastModified": "2026-04-25T18:01:30.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T15:16:29.257", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://n2ws.com/blog/security-advisory-update"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.n2ws.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.3.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.4.1)"}}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}]}, "product": "n2w", "vendor": "n2ws"}], "analysis": {"en": {"generated_at": "2026-03-27T10:30:49.386044+00:00", "value": {"mitigation_remediation": ["Upgrade N2W to version 4.3.2 or newer, which contains the security fix", "If an upgrade is not immediately feasible, restrict access to N2W management interfaces to trusted IP ranges and enforce strong authentication mechanisms", "Continuously monitor authentication logs and network traffic for suspicious activity and alert administrators of potential compromise"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected vendor is N2W, product N2W. Versions before 4.3.2 and before 4.4.1 are impacted. The vulnerability is present across all prior releases up to and including those versions, affecting organizations that have not yet applied the patch released in N2W V4.3.2 and V4.4.1.", "description_and_impact": "In N2W software versions older than 4.3.2 and 4.4.x older than 4.4.1, a spoofing vulnerability permits attackers to execute arbitrary code remotely and obtain account credentials. This flaw arises from incorrect permission assignment for critical resources (CWE-290). The result is total compromise of confidentiality, integrity, and availability, allowing attackers to gain unrestricted system access and exfiltrate sensitive data.", "risk_and_exploitability": "The CVSS score of 9.8 places the flaw in the critical severity range, while the EPSS score of less than 1% suggests a low probability of exploitation. It is not captured in the CISA KEV catalog. Based on the description, the attack vector is likely remote, with the attacker exploiting the application logic over the network, possibly through web interfaces or API calls. Exploitation requires the ability to send crafted requests that are treated as legitimate user actions, hence the spoofing context."}}}}, "created": "2026-03-25T20:57:04.262479+00:00", "title": "Remote Code Execution via Spoofing in N2W before 4.3.2", "updated": "2026-03-27T15:48:10.555740+00:00", "vendors": ["n2ws", "n2ws$PRODUCT$n2w"]}