CVE-2025-59711

Severity: High
Published: 03 April 2026
Modified: 09 April 2026
KEV Added: not listed
CVSS Score v3.1: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0066 (46.6th percentile)
Risk Priority: 55 (floored blend, using peak EPSS)

Summary

CVE-2025-59711 is a high-severity Path Traversal (CWE-22) vulnerability in Kovai Biztalk360. Its CVSS 3.1 base score is 8.3 (High): exploitable over the network with low complexity by an authenticated, low-privileged user, with high confidentiality and integrity impact.

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploitation for Privilege Escalation (T1068) and Forced Authentication (T1187). Its EPSS ranks at the 46.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation): validate the file name the upload accepts, and upgrade to a fixed release.

Deeper analysis

CVE-2025-59711 is a directory traversal vulnerability (CWE-22) in Biztalk360, reported as affecting versions before 11.5 (see the Affected Assets section for the version range recorded on this page, which differs). It stems from improper handling of user-supplied input in an upload mechanism: a client-controlled name is used to build the destination path, so a crafted value resolves outside the intended directory, and the same input can be used to coerce the service into authenticating to a location the attacker controls. The CVSS 3.1 score of 8.3 reflects a network attack vector, low attack complexity, a low-privileged authenticated attacker, no user interaction, high confidentiality and integrity impact, and low availability impact.

An authenticated attacker with network access can therefore achieve an arbitrary file write, or force the Biztalk360 service to authenticate to the attacker, and either can be chained into further compromise such as remote code execution. EPSS remains low: the page header records 0.0066 (46.6th percentile), and the figure cited when this analysis was written was 0.0118, so neither value indicates a material rise in exploit likelihood.

The referenced Synacktiv advisory details the remote code execution path reachable from any domain account and provides guidance on upgrading to the fixed release. No evidence of in-the-wild exploitation is supplied in the available data.


Vulnerability details

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1187 Forced Authentication (tactic: Credential Access)
Adversaries may gather credential material by invoking or forcing a user to automatically provide authentication information through a mechanism in which they can intercept.

Why these techniques?

The traversal gives a low-privileged authenticated user an arbitrary file write that can be turned into code execution on the server (T1068), and the same mishandled input can coerce the Biztalk360 service into authenticating, exposing its credential material to interception (T1187).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59710 (same product: Kovai Biztalk360)
CVE-2016-20041 (shared CWE-22)
CVE-2025-66429 (shared CWE-22)
CVE-2025-54307 (shared CWE-22)
CVE-2026-20688 (shared CWE-22)
CVE-2026-32060 (shared CWE-22)
CVE-2026-20614 (shared CWE-22)
CVE-2025-48567 (shared CWE-22)
CVE-2026-20615 (shared CWE-22)
CVE-2026-28827 (shared CWE-22)

Affected Assets

kovai / biztalk360: ≤ 11.6.3963.2611

Note: the vulnerability description says versions before 11.5 are affected, while the asset range above extends to 11.6.3963.2611. Confirm the fixed build against the vendor advisory before treating a host as patched.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · SI-10 Information Input Validation
Directly validates user-provided input such as file paths in the upload mechanism to prevent directory traversal exploitation.

prevent · SI-2 Flaw Remediation
Requires identification, reporting, and correction of the directory traversal flaw through timely patching or upgrading to BizTalk360 11.5 or later.

prevent
Enforces access control policies to restrict authenticated users from writing files outside intended upload directories.
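As an added example of the traversal mechanism described in the deeper analysis and of the SI-10 input validation control listed above (example code written for this page, not BizTalk360 code or the vendor's fix): a vulnerable destination-path builder beside a hardened one, run over constructed inputs. The upload root, the file names and the UNC-path case are assumptions; the page does not say how the authentication coercion is triggered, and the UNC case only shows the commonest way an upload path can cause a Windows service to authenticate outward. `ntpath` is used so the Windows path rules apply deterministically wherever the script runs.

```python
"""Constructed example: vulnerable vs hardened destination-path resolution for an upload handler.

Nothing here is BizTalk360 code. The upload root, sample names and the UNC case are assumptions
made for illustration. ntpath reproduces Windows path semantics on any platform.
"""
import ntpath
import re

UPLOAD_ROOT = r"C:\app\uploads"  # constructed upload directory, not a real install path

# Allowlist for a single file-name component: letters, digits, dot, underscore, hyphen.
# No separators, no drive letters, no UNC prefix, no leading dot (which also blocks '.' and '..').
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def naive_destination(root: str, user_name: str) -> str:
    """Vulnerable pattern (CWE-22): trust the client-supplied name when building the destination.

    ntpath.join discards `root` entirely when `user_name` is absolute (drive-qualified or UNC),
    and a relative name containing '..' is kept verbatim, so normpath resolves it outside `root`.
    """
    return ntpath.normpath(ntpath.join(root, user_name))


def safe_destination(root: str, user_name: str) -> str:
    """Hardened pattern (SI-10): allowlist the name, then verify containment after canonicalisation."""
    if not _SAFE_NAME.fullmatch(user_name):
        raise ValueError(f"rejected file name: {user_name!r}")
    if user_name.rstrip(". ") != user_name:
        # Win32 silently strips trailing dots and spaces, so such names do not map 1:1 to disk.
        raise ValueError(f"rejected file name: {user_name!r}")
    root_n = ntpath.normpath(root)
    dest = ntpath.normpath(ntpath.join(root_n, user_name))
    # Defence in depth: even if the allowlist were loosened later, the canonical path must stay under root.
    if ntpath.commonpath([root_n, dest]) != root_n:
        raise ValueError(f"destination escapes upload root: {dest!r}")
    return dest


def escapes_root(root: str, dest: str) -> bool:
    """True when `dest` is not under `root`; a different drive or UNC share counts as an escape."""
    root_n = ntpath.normpath(root)
    try:
        return ntpath.commonpath([root_n, dest]) != root_n
    except ValueError:  # commonpath raises when the paths are on different drives / shares
        return True


# Constructed attacker inputs covering the outcomes the advisory describes.
SAMPLE_INPUTS = {
    "benign": "report.xml",
    "traversal": r"..\..\Windows\Tasks\evil.job",      # write lands outside the upload directory
    "traversal_fwd": "../../Windows/Tasks/evil.job",   # forward slashes normalise the same way
    "unc": r"\\attacker\share\x.txt",                  # assumption: a UNC target makes the service authenticate outward
}


def evaluate(root: str = UPLOAD_ROOT) -> dict:
    """Resolve each sample with both builders; returns per-input results for inspection."""
    results = {}
    for label, name in SAMPLE_INPUTS.items():
        naive = naive_destination(root, name)
        try:
            safe = safe_destination(root, name)
        except ValueError as exc:
            safe = f"REJECTED ({exc})"
        results[label] = {"naive": naive, "naive_escapes": escapes_root(root, naive), "safe": safe}
    return results


if __name__ == "__main__":
    for label, r in evaluate().items():
        print(f"{label:13} naive={r['naive']:<32} escapes={str(r['naive_escapes']):5} safe={r['safe']}")
```

The allowlist does the real work: it refuses anything that is not a plain file name, so separators, drive prefixes and UNC prefixes never reach the path join. The containment check is kept because allowlists tend to be relaxed over time; whichever check is loosened, the other still has to be defeated.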
