
Biztalk360 CVE-2025-59710

EUVD-2025-209205 | HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-04-03 mitre GHSA-8c23-q3xr-8rw3
CVSS 3.1: 8.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Apr 03, 2026 - 15:00 (euvd), EUVD-2025-209205
Analysis Generated: Apr 03, 2026 - 15:00 (vuln.today)
CVE Published: Apr 03, 2026 - 00:00 (nvd), HIGH 8.8

Description (NVD)

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server.

Analysis (AI)

Remote code execution in BizTalk360 before version 11.5 allows any authenticated user to upload a malicious DLL and trigger its execution on the server through an unprotected DLL-loading endpoint. The vulnerability stems from missing access controls on a method that loads and executes DLL files, enabling attackers with valid domain credentials to achieve arbitrary code execution without requiring elevated privileges.

Technical Context (AI)

BizTalk360 is a monitoring and management solution for Microsoft BizTalk Server. The vulnerability resides in an unprotected endpoint or API method responsible for dynamically loading DLL files at runtime. The underlying flaw is an access control bypass (CWE class: improper authorization/authentication) combined with unsafe deserialization or dynamic code loading without validation. The absence of proper authorization checks means that any authenticated user can invoke the DLL-loading functionality, and the lack of DLL signature validation or sandboxing allows arbitrary code execution. This is a critical architectural flaw in how the application handles dynamic library loading, a common attack surface when applications expose reflection or plugin-loading capabilities without strict access controls.

Remediation (AI)

The primary remediation is to upgrade BizTalk360 to version 11.5 or later, which addresses the access control deficiency. Organizations unable to patch immediately should restrict network access to BizTalk360 administrative endpoints to trusted internal networks and privileged user groups, implement strict identity and access management controls to limit which accounts can access the application, and monitor for suspicious DLL upload activities. The Synacktiv advisory at https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360 provides additional technical context and should be reviewed for environment-specific guidance.
