Cyber Posture

CVE-2025-59793

Severity: Critical · Public PoC available

Published: 17 February 2026
Modified: 03 April 2026
KEV Added:
Patch:
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0075 (73.3rd percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users so that they can upload files. However, the application does not properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: Directly requires validation and sanitization of the jobDirectory parameter to block path traversal sequences in file uploads.

prevent: Mandates timely remediation of the path traversal flaw through patching or code corrections to eliminate the arbitrary file write capability.

prevent: Restricts the jobDirectory input to safe formats and values, preventing malicious path traversal payloads from being accepted.
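One way to implement the input restriction and containment check the controls above describe, as an added Python example that is not TRUfusion's own code: the upload root path, the function name and the allowlisted character set are assumptions, since the advisory names the parameter but not how the product stores uploads.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed upload root (constructed placeholder, not the product's real path).
UPLOAD_ROOT = "/opt/trufusion/uploads"

# Format allowlist: one or more segments of [A-Za-z0-9_-] joined by single "/".
# This rejects "..", ".", empty segments, backslashes, NUL bytes and "%" signs.
SAFE_JOB_DIR = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*")


def validate_job_directory(job_directory, upload_root=UPLOAD_ROOT):
    """Return the absolute directory a jobDirectory value maps to, or None.

    Two independent layers: the format allowlist (so "../", "%2e%2e/",
    absolute paths and backslashes never pass), then canonicalisation plus a
    containment check against the upload root, which still holds if the
    allowlist is later relaxed to admit dots or other characters.
    """
    # Decode once so percent-encoded traversal is inspected in decoded form;
    # a double-encoded value decodes to something containing "%" and fails
    # the allowlist anyway.
    decoded = unquote(job_directory)
    if not SAFE_JOB_DIR.fullmatch(decoded):
        return None
    root = posixpath.normpath(upload_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # Must be strictly inside the root; the trailing separator stops
    # "/opt/trufusion/uploads2" from matching "/opt/trufusion/uploads".
    if not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample values: legitimate job directories and the traversal
    # shapes the advisory describes (relative, percent-encoded, absolute).
    for value in ["job-42", "2026/02/job-42", "../../../etc/cron.d",
                  "%2e%2e%2f%2e%2e%2fetc", "/etc/cron.d", "job-42\\..\\..\\x"]:
        print(f"{value!r:32} -> {validate_job_directory(value)}")
```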

Security Summary (AI-generated)

Rocket TRUfusion Enterprise through version 7.10.5 contains a path traversal vulnerability (CWE-35) in the /axis2/services/WsPortalV6UpDwAxis2Impl endpoint, which is exposed to authenticated users for file uploads. The application fails to properly sanitize the jobDirectory parameter, enabling attackers to include path traversal sequences. This flaw allows files to be written to arbitrary locations on the local filesystem, with potential for subsequent remote code execution. The vulnerability has a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and was published on 2026-02-17.

An authenticated user with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting a malicious jobDirectory parameter containing path traversal sequences (e.g., ../), the attacker can upload files to sensitive locations outside the intended directory. Successful exploitation grants high-impact confidentiality, integrity, and availability effects, including the possibility of achieving remote code execution on the server.

Advisories and additional details are available from RCESecurity at https://www.rcesecurity.com/advisories/cve-2025-59793/ and the vendor's product pages at https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion and https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise. Practitioners should consult these resources for mitigation guidance, such as applying patches if available or restricting access to the affected endpoint.

Details

CWE(s):

Affected Products: rocketsoftware trufusion enterprise ≤ 7.10.5.0

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A path traversal vulnerability in a network-accessible web service endpoint (AV:N) enables low-privilege authenticated users to write files to arbitrary locations, leading to remote code execution; this directly maps to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References