Zero Day MonitorZDM

← Back to list

—

CVE-2025-59710

n/a · n/a

CVE-2025-59710: An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the

Description

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, 11.4

References

https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2025-59710 | Biztalk360 up to 11.4 DLL File access control

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 3, 2026

Last enriched6h agov2

Trending Score29

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-59711EXP

CVE-2025-59711: An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism,

HIGHCVE-2025-59709EXP

CVE-2025-59709: An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read b

HIGHCVE-2026-26477

CVE-2026-26477: An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_uploa

CRITICALCVE-2026-28373

CVE-2026-28373: The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryp

MEDIUMCVE-2026-30251

CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026

Updated: affectedVersions, severity

Apr 3, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated product to Biztalk360, affected versions to 11.4, severity to CRITICAL, and corrected exploit availability to false.

affectedVersionsseverity

via VulDB

v16h ago

Initial creation