As part of our continued effort to protect our customers and share actionable threat intelligence, we’ve recently addressed three critical security vulnerabilities that affected some versions of N2W prior to 4.4.0. These vulnerabilities were responsibly disclosed by independent researcher igorpyan, and we’ve already patched the issues in the latest releases. If you identify any vulnerabilities, we encourage you to report them so we can address them quickly.
Here’s what you need to know:
🛡 CVE-2025-32991 — Remote Code Execution via RESTful API
- Severity: Critical
- CVSS Score: 9.0
- Description: A two-step exploit targeting the RESTful API could allow remote code execution.
- Fixed in: N2W versions 4.3.2 and 4.4.0 (and newer)
🛡 CVE-2025-59706 — API Parameter Validation Bypass
- Severity: Critical
- CVSS Score: 9.1
- Description: Improper validation of API request parameters could lead to remote code execution.
- Fixed in: N2W versions 4.3.2 and 4.4.0 (and newer)
🛡 CVE-2025-59707 — Insider Attack Surface for Credential Theft
- Severity: Critical
- CVSS Score: 9.0
- Description: In versions prior to 4.3.2 and in 4.4.x before 4.4.1, an attacker with insider access could spoof requests, potentially leading to credential theft or remote code execution.
- Fixed in: N2W versions 4.3.2 and 4.4.1 (and newer)
- Additional Action: Apply worker security hardening (details in release notes)
What You Should Do
If you’re running version 4.3.1 or any version before 4.4.0, an immediate upgrade is required to ensure full protection:
- Upgrade to at least 4.3.2 — ideally to the latest available version (4.4.1 or newer).
- Review your current security policies and ensure worker nodes have proper hardening applied.
- Verify API and user activity logs for anything unexpected. If you’re unsure what to look for, our support team can guide you.
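To help with the first step, here is an added example (not N2W’s own tooling) that checks an inventory of N2W version strings against the affected ranges stated above and reports which CVEs still apply to each host. The host names and version strings in the inventory are constructed sample data; the version ranges are taken from the three advisories on this page, and the script assumes plain dotted numeric version strings such as 4.3.1.

```python
"""Triage an N2W version inventory against the advisory's affected ranges.

Added example; not part of N2W's product or support tooling. Assumes version
strings are dotted integers (e.g. "4.3.1" or "4.4"); the ranges below are taken
from the advisory text, and INVENTORY is constructed sample data.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn '4.3.1' into (4, 3, 1); pad to three parts so '4.4' == (4, 4, 0)."""
    parts = tuple(int(p) for p in s.strip().split("."))
    return parts + (0,) * (3 - len(parts))


# Affected ranges per CVE as half-open [lo, hi) intervals over version tuples.
# A version is affected by a CVE if it falls inside any of that CVE's intervals.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    # Fixed in 4.3.2 and 4.4.0: every release before 4.3.2 is affected.
    "CVE-2025-32991": [((0, 0, 0), (4, 3, 2))],
    "CVE-2025-59706": [((0, 0, 0), (4, 3, 2))],
    # Affected before 4.3.2 and in 4.4.x before 4.4.1; fixed in 4.3.2 and 4.4.1.
    "CVE-2025-59707": [((0, 0, 0), (4, 3, 2)), ((4, 4, 0), (4, 4, 1))],
}


def affected_cves(version: str) -> List[str]:
    """Return the CVE IDs from the advisory that still apply to this version."""
    v = parse_version(version)
    return [cve for cve, ranges in AFFECTED.items()
            if any(lo <= v < hi for lo, hi in ranges)]


def minimum_fixed_version(version: str) -> str:
    """Lowest release on the host's own line that closes all three CVEs:
    4.3.2 on the 4.3 line, otherwise 4.4.1 (the advisory's recommended target)."""
    v = parse_version(version)
    return "4.3.2" if v[:2] == (4, 3) else "4.4.1"


def triage(inventory: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """Map each host to its open CVEs and the action the advisory calls for."""
    report: Dict[str, Dict[str, object]] = {}
    for host, version in inventory.items():
        open_cves = affected_cves(version)
        report[host] = {
            "version": version,
            "open_cves": open_cves,
            "action": (f"upgrade to {minimum_fixed_version(version)} or newer"
                       if open_cves else "no action required"),
        }
    return report


# Constructed sample inventory: host name -> reported N2W version.
INVENTORY = {
    "n2w-prod-a": "4.3.1",
    "n2w-prod-b": "4.4.0",
    "n2w-staging": "4.4.1",
    "n2w-legacy": "4.2.10",
}

if __name__ == "__main__":
    for host, row in triage(INVENTORY).items():
        cves = ", ".join(row["open_cves"]) or "none"
        print(f"{host:<12} {row['version']:<7} open: {cves:<50} -> {row['action']}")
```

Running the script prints one line per host; any host with a non-empty `open` column is still exposed and should be scheduled for the upgrade named in the `action` column. Note that CVE-2025-59707 is the one CVE that still applies to 4.4.0, so a fleet that was patched to 4.4.0 earlier in the year needs a second pass to 4.4.1.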
Your Security Is Our Mission
These vulnerabilities have been fully addressed. We treat every reported issue with the urgency it deserves and are committed to delivering fast, secure fixes so you stay in control of your cloud environment.
N2W is designed to keep your data highly available, immutable, and recoverable—even in the face of internal or external threats. Whether it’s through our secure RESTful architecture, built-in air-gapped recovery, or multi-cloud redundancy, we make sure your data stays yours, and only yours.
If you have any questions about the update or need assistance with upgrading, contact support or open a ticket through your N2W console.