CVE-2025-59711
Published: 03 April 2026
Summary
CVE-2025-59711 is a high-severity Path Traversal (CWE-22) vulnerability in Kovai Biztalk360. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 46.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-59711 is a directory traversal vulnerability (CWE-22) affecting Biztalk360 versions prior to 11.5. It stems from improper handling of user-supplied input in an upload mechanism: a manipulated path can cause files to be written outside the intended destination directory or can coerce the service into an authentication interaction. The flaw carries a CVSS 3.1 score of 8.3, reflecting a network attack vector, low attack complexity and low-privileged authenticated access, with high impact on confidentiality and integrity and limited impact on availability.
An authenticated attacker with network access can exploit the issue to write arbitrary files or to force the Biztalk360 service into an authentication interaction, potentially leading to further compromise such as remote code execution. The EPSS score remains low at 0.0118 and has not risen materially since its peak.
The referenced Synacktiv advisory details the remote code execution path reachable from any domain account and provides guidance on upgrading to the fixed release. No evidence of in-the-wild exploitation is supplied in the available data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209206
Vulnerability details
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directory traversal enables arbitrary file writes leading to RCE from low-priv accounts (T1068: Exploitation for Privilege Escalation) and explicitly allows coercing service authentication (T1187: Forced Authentication).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly validates user-provided input such as file paths in the upload mechanism to prevent directory traversal exploitation.
- SI-2 (Flaw Remediation): requires identification, reporting, and correction of the directory traversal flaw through timely patching or upgrading to BizTalk360 11.5 or later.
- Access enforcement: enforces access control policies to restrict authenticated users from writing files outside intended upload directories.
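The SI-10 control above and the upload-path weakness described under "Deeper analysis" come down to one check: validate the user-supplied file name before it touches the filesystem. The following is an added illustration written for this page, not BizTalk360 code; the function names, the `uploads` root and the sample file names are all constructed.

```python
# Added example (not BizTalk360 code): a hardened upload-path check of the
# kind NIST SI-10 calls for. It rejects traversal components, absolute paths
# and UNC/network paths (which would make a Windows service authenticate to a
# remote host), then confirms the resolved target stays inside the upload root.
from pathlib import Path, PureWindowsPath


class UnsafeUploadPath(ValueError):
    """Raised when a user-supplied file name must not be used as a path."""


def safe_upload_path(upload_root, user_filename):
    """Return an absolute Path under upload_root for user_filename, or raise
    UnsafeUploadPath. Only a single file-name component is accepted."""
    root = Path(upload_root).resolve()
    raw = str(user_filename)
    if not raw or "\x00" in raw:
        raise UnsafeUploadPath("empty name or NUL byte")
    # Interpret Windows semantics too, so drive letters and UNC prefixes
    # are caught even when the check runs on a POSIX host.
    win = PureWindowsPath(raw)
    if win.drive or win.root or raw.startswith(("\\\\", "//")):
        raise UnsafeUploadPath("absolute or UNC path rejected")
    # Reject traversal and nested paths outright instead of stripping them;
    # silent normalisation is what attackers probe for.
    parts = [p for p in raw.replace("\\", "/").split("/") if p not in ("", ".")]
    if any(p == ".." for p in parts) or len(parts) != 1:
        raise UnsafeUploadPath("traversal or nested path rejected")
    candidate = (root / parts[0]).resolve()
    # Defence in depth: after resolution the target must still be a direct
    # child of the upload root.
    if root not in candidate.parents:
        raise UnsafeUploadPath("resolved outside upload root")
    return candidate


def check_many(upload_root, names):
    """Classify constructed file names; returns {name: accepted?}."""
    results = {}
    for name in names:
        try:
            safe_upload_path(upload_root, name)
            results[name] = True
        except UnsafeUploadPath:
            results[name] = False
    return results


if __name__ == "__main__":
    samples = ["report.pdf", "../../web.config", "..\\..\\x.aspx",
               "\\\\example-host\\share\\a.txt", "C:\\Windows\\a.txt", "sub/a.txt"]
    for name, ok in check_many("uploads", samples).items():
        print(f"{'accepted' if ok else 'rejected'}: {name!r}")
```

The UNC rejection is the part that addresses the "coerce an authentication" half of the advisory: a service that opens a `\\host\share` path on Windows will authenticate to that host before any write happens.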