Zero Day MonitorZDM

← Back to list

8.3

CVE-2025-59711EXPLOITEDPATCHED

n/a · n/a

CVE-2025-59711: An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism,

Description

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, 11.4

References

https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2025-59711 | Biztalk360 up to 11.4 Upload path traversal

→ No new info (linked only)

CVSS 3.18.3 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

11.5

PublishedApr 3, 2026

Last enriched6h agov2

Trending Score56

Source articles1

Independent1

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2025-59709EXP

CVE-2025-59709: An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read b

HIGHCVE-2026-26477

CVE-2026-26477: An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_uploa

CRITICALCVE-2026-28373

CVE-2026-28373: The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryp

CRITICALCVE-2025-59710

CVE-2025-59710: An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the

MEDIUMCVE-2026-30251

CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026

Actively Exploited

Apr 3, 2026

Patch Available

Apr 3, 2026

Updated: affectedVersions, severity, activelyExploited, patchAvailable

Apr 3, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated product to Biztalk360, affected versions to 11.4, severity to CRITICAL, marked as actively exploited, and provided patch version 11.5.

affectedVersionsseverityactivelyExploitedpatchAvailable

via VulDB

v17h ago

Initial creation