Cyber Posture

CVE-2025-59711

Severity: High

Published: 03 April 2026
Modified: 09 April 2026
KEV Added: not listed
Patch: not listed
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0059 (69.4th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

SI-10 Information Input Validation (prevent)
Validate user-provided input, in particular the file name or path handed to the upload mechanism, so that traversal sequences and absolute or UNC paths are rejected before any file is written.

SI-2 Flaw Remediation (prevent)
Identify, report and correct the directory traversal flaw by patching. The CVE text names BizTalk360 11.5 as the first fixed release, but the affected-product entry on this page runs to 11.6.3963.2611, so confirm the fixed build with the vendor rather than assuming 11.5 is sufficient.

AC-3 Access Enforcement (prevent)
Enforce access control so that an authenticated user, and the service account that performs the write on their behalf, cannot place files outside the intended upload directory.

Security Summary [AI-generated]

CVE-2025-59711 is a directory traversal vulnerability (CWE-22) in BizTalk360 versions before 11.5. The upload mechanism does not sanitize a user-controlled path component, so an authenticated attacker can write files outside the intended destination directory and can also coerce the service into authenticating outbound. It was published on 2026-04-03 with a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L): reachable over the network, low attack complexity, low privileges required, no user interaction, high confidentiality and integrity impact and low availability impact.

Exploitation needs only a low-privileged authenticated account and no user interaction. Two outcomes follow from the same unchecked path. A traversal sequence (for example a leading "..\") places the uploaded file where the attacker chooses, which is the usual route to code execution on the host. And because the service resolves the path under its own identity, a path that points at an attacker-controlled host (for example a UNC path) makes the service account authenticate to that host, exposing its credential material for capture or relay (ATT&CK T1187). The Synacktiv advisory title frames the combined result as remote code execution from any domain account.

For details and remediation, see the Synacktiv advisory at https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360. The CVE description names 11.5 as the first fixed release, but the affected-product entry on this page extends to 11.6.3963.2611; confirm the fixed build with the vendor before treating an upgrade to 11.5 as a complete remediation.
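As an added illustration of the input-validation control and of the two outcomes described in the summary above, the following shows a naive upload-destination join beside a hardened one. This is example code written for this page, not BizTalk360's own code; it uses Python's ntpath so that Windows path rules apply on any operating system, and the UPLOAD_ROOT value, the function names and the sample file names are assumptions made for the demonstration.

```python
"""Added example for this page (not BizTalk360 code): a naive upload-destination
join beside a hardened one.  ntpath gives Windows path semantics on any OS.

Both outcomes named in the CVE text come from one unchecked file name:
  * '..\\' segments escape the destination directory (CWE-22 path traversal)
  * a UNC name such as '\\\\attacker\\share\\x' replaces the destination
    entirely, so the service account connects to the attacker's host and
    authenticates (ATT&CK T1187, Forced Authentication)
UPLOAD_ROOT, the function names and the sample names below are assumptions.
"""
import ntpath

UPLOAD_ROOT = r"C:\BizTalk360\Uploads"   # hypothetical destination directory


def naive_destination(user_name: str, root: str = UPLOAD_ROOT) -> str:
    """Vulnerable pattern: trust the client-supplied name.

    ntpath.join discards root when the second argument is absolute or UNC,
    and normpath resolves '..' segments upward, so the result can land
    anywhere the service account can write, or on another host.
    """
    return ntpath.normpath(ntpath.join(root, user_name))


def escapes_root(dest: str, root: str = UPLOAD_ROOT) -> bool:
    """True when dest is not inside root under Windows (case-insensitive) rules."""
    root_norm = ntpath.normcase(ntpath.normpath(root))
    dest_norm = ntpath.normcase(ntpath.normpath(dest))
    try:
        return ntpath.commonpath([root_norm, dest_norm]) != root_norm
    except ValueError:
        # Different drive, or UNC versus local drive: nothing in common.
        return True


def safe_destination(user_name: str, root: str = UPLOAD_ROOT) -> str:
    """Hardened pattern: accept only a single plain file name, then prove
    the normalized destination is still inside root."""
    if not user_name or user_name != user_name.strip():
        raise ValueError("empty or whitespace-padded file name")
    # A file name never legitimately carries a directory, so reject both
    # separators outright; this also removes every UNC form (\\host\share).
    if "\\" in user_name or "/" in user_name:
        raise ValueError("path separators are not allowed in a file name")
    # Drive-relative names like 'C:evil.txt' have no separator but still
    # leave the upload root.
    drive, _ = ntpath.splitdrive(user_name)
    if drive:
        raise ValueError("drive or UNC prefix in file name")
    # Windows silently strips trailing dots, which can defeat extension
    # checks made on the original string.
    if user_name in (".", "..") or user_name.endswith("."):
        raise ValueError("reserved name or trailing dot")
    dest = ntpath.normpath(ntpath.join(root, user_name))
    if escapes_root(dest, root):
        raise ValueError("destination escapes the upload root")
    return dest


def is_safe_name(user_name: str) -> bool:
    """Accept/reject predicate for callers that do not need the path."""
    try:
        safe_destination(user_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names: one benign, one traversal, one UNC coercion.
    for name in ("report.xml", r"..\..\Windows\Tasks\evil.job", r"\\attacker\share\x"):
        dest = naive_destination(name)
        print(f"{name!r:40} naive -> {dest!r} escapes={escapes_root(dest)} "
              f"safe_ok={is_safe_name(name)}")
```

The order of the checks matters: the containment test alone would catch the traversal case but not the UNC case, because a UNC destination has no common path with the upload root and would only be noticed after the join, by which point a less careful implementation may already have touched the remote host. Rejecting separators and drive prefixes before any path operation is what closes the T1187 outcome as well as the T1068 one. In production this validation should sit beside, not instead of, a service account that has no write permission outside the upload root.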

Details

CWE(s)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected Products
kovai biztalk360, versions up to and including 11.6.3963.2611 (the CVE description says "before 11.5"; treat the wider range as authoritative until the vendor's fixed build is confirmed)

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1187 Forced Authentication (tactic: Credential Access)
Adversaries may gather credential material by invoking or forcing a user to automatically provide authentication information through a mechanism in which they can intercept.

Why these techniques?

The arbitrary file write reachable from a low-privileged account is the route to code execution on the host (T1068: Exploitation for Privilege Escalation), and the coerced outbound authentication lets an attacker capture or relay the service account's credential material (T1187: Forced Authentication).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

Synacktiv advisory, remote code execution from any domain account in BizTalk360: https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360