Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.
AnalysisAI
Directory traversal in BizTalk360 before version 11.5 allows authenticated attackers to write files outside the intended upload directory and potentially coerce authentication from the service through mishandling of user input in an upload mechanism. The vulnerability requires valid authentication credentials but enables arbitrary file write capabilities that could lead to remote code execution or service compromise.
Technical ContextAI
The vulnerability exists in BizTalk360's file upload handling mechanism, which fails to properly validate and sanitize user-supplied path input. This is a classic path traversal (directory traversal) vulnerability where an attacker can use directory traversal sequences (such as ../ or absolute paths) to escape the intended upload directory boundaries. The root cause stems from insufficient input validation on file paths during the upload process, allowing an authenticated user to specify arbitrary file destinations on the underlying system. BizTalk360 is a Microsoft BizTalk Server management and monitoring platform; the vulnerability affects versions prior to 11.5.
RemediationAI
The primary remediation is to upgrade BizTalk360 to version 11.5 or later, which addresses the directory traversal vulnerability. Organizations running versions 11.4 and earlier should prioritize this upgrade. Until patching is possible, restrict file upload functionality to trusted administrators only, implement strict file path validation on the application layer, and review recent file upload activity for suspicious file write patterns outside normal directories. Refer to the Synacktiv advisory at https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360 for additional technical details and confirmation of remediation.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209206
GHSA-q6cm-wqcq-7q3c