Summaryinfo

A vulnerability categorized as critical has been discovered in N2W up to 4.3.1/4.4.0. This vulnerability affects unknown code. Executing a manipulation can lead to Remote Privilege Escalation. This vulnerability appears as CVE-2025-59707. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in N2W up to 4.3.1/4.4.0. It has been declared as critical. This vulnerability affects an unknown functionality. The manipulation with an unknown input leads to a remote privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-290. This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability.

This vulnerability was named CVE-2025-59707 since 09/19/2025. The exploitation appears to be easy. The attack can be initiated remotely. The technical details are unknown and an exploit is not available.

Upgrading to version 4.3.2 or 4.4.1 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• N2W

Version

• 4.0
• 4.1
• 4.2
• 4.3
• 4.3.0
• 4.3.1
• 4.4.0

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion