{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59710", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-03T14:39:54.309Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-04-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T14:39:54.309Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kovai:biztalk360:*:*:*:*:*:*:*:*", "matchCriteriaId": "71A18991-9CB5-4CF6-BE4C-1F8A8847AEE0", "versionEndExcluding": "11.6.3963.2611", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server."}], "id": "CVE-2025-59710", "lastModified": "2026-04-09T00:46:56.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T15:16:04.500", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,11.5)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "biztalk360", "vendor": "biztalk360"}], "analysis": {"en": {"generated_at": "2026-04-09T02:23:08.726061+00:00", "value": {"mitigation_remediation": ["Upgrade Biztalk360 to version 11.5 or later, when that release contains the fix for unrestricted DLL loading.", "If an upgrade is not immediately possible, disable or restrict the DLL upload functionality by applying access control or removing the relevant API endpoint.", "Implement file validation or signature checks to ensure only trusted DLLs can be loaded, if possible.", "Monitor system logs for suspicious DLL uploads or execution and investigate promptly."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Biztalk360 deployments by Kovai prior to version 11.5 are affected. The CPE entry indicates the product 'biztalk360', and the advisory specifies all releases before 11.5 carry the flaw. Administrators of earlier releases should verify whether they have the vulnerability and consider upgrading.", "description_and_impact": "The vulnerability stems from incorrect access control that allows any user to request the loading of an arbitrary DLL on the Biztalk360 server. When the DLL is loaded, a method within it is executed. An attacker can craft a malicious DLL, upload it to the server, and trigger arbitrary code execution on the host system. The weakness relates to improper authority verification and insecure file handling, with potential impact of full remote code execution.", "risk_and_exploitability": "The CVSS base score is 8.8, indicating a high severity. The EPSS score is below 1%, suggesting a low current exploitation probability, though the flaw is not listed in the CISA KEV catalog as of the latest data. Based on the description, the most likely attack vector is through the DLL upload interface, which does not enforce proper permission checks. An attacker who can access the upload mechanism can place a crafted DLL, leading to remote code execution on the server. The impact is widespread, affecting confidentiality, integrity, and availability of the entire host."}}}}, "created": "2026-04-03T21:17:09.330013+00:00", "updated": "2026-04-09T08:29:21.816420+00:00", "vendors": ["biztalk360", "biztalk360$PRODUCT$biztalk360"]}