{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59710", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T20:30:28.622Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-04-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T14:39:54.309Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T17:39:03.762418Z", "id": "CVE-2025-59710", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T20:30:28.622Z"}}]}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kovai:biztalk360:*:*:*:*:*:*:*:*", "matchCriteriaId": "71A18991-9CB5-4CF6-BE4C-1F8A8847AEE0", "versionEndExcluding": "11.6.3963.2611", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server."}], "id": "CVE-2025-59710", "lastModified": "2026-04-09T21:16:07.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-03T15:16:04.500", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,11.5)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "biztalk360", "vendor": "biztalk360"}], "analysis": {"en": {"generated_at": "2026-04-09T09:21:33.699748+00:00", "value": {"mitigation_remediation": ["Apply the latest BizTalk360 update or upgrade to version 11.5 or newer to fix the access control flaw.", "If an immediate update is unavailable, block external access to the DLL upload and loading endpoints using firewalls or application layer controls.", "Disable or remove the ability to load arbitrary DLLs by revoking permissions or disabling the relevant functionality until a patch is applied.", "Monitor system logs for DLL load activities and flag any unauthorized attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Kovai\u2019s BizTalk360 product prior to version 11.5. All installations of BizTalk360 before that release are susceptible, regardless of build or patch level.", "description_and_impact": "An incorrect access control bug in BizTalk360 versions earlier than 11.5 enables any user to request the loading of a DLL file. The system then calls a method within that DLL during loading, allowing an attacker to craft a malicious DLL, upload it, and execute arbitrary code on the server. This results in full compromise of confidentiality, integrity, and availability on the affected host.", "risk_and_exploitability": "With a CVSS score of 8.8, the issue is rated as high severity. The EPSS score of less than 1% indicates that exploit likelihood is currently low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local or network\u2011based, as the vulnerability permits any user\u2014authenticated or otherwise\u2014to trigger the DLL loading process, provided they can reach the vulnerable endpoint. An attacker would need to upload a crafted DLL through the exposed interface and then invoke the load operation to execute the payload."}}}}, "created": "2026-04-03T21:17:09.330013+00:00", "title": "Remote Code Execution via DLL Injection in BizTalk360", "updated": "2026-04-10T09:45:41.501176+00:00", "vendors": ["biztalk360", "biztalk360$PRODUCT$biztalk360"]}