EUVD-2025-209205

CVE-2025-59710 (HIGH, CVSS 3.1 score 8.8)
2026-04-03, mitre, GHSA-8c23-q3xr-8rw3

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 03, 2026 - 15:00 (vuln.today)
EUVD ID Assigned: Apr 03, 2026 - 15:00 (euvd), EUVD-2025-209205
CVE Published: Apr 03, 2026 - 00:00 (nvd), HIGH 8.8

Description

An issue was discovered in BizTalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server.

Analysis

Remote code execution in BizTalk360 before version 11.5 allows any authenticated user to upload a malicious DLL and trigger its execution on the server through an unprotected DLL-loading endpoint. The vulnerability stems from missing access controls on a method that loads and executes DLL files, enabling attackers with valid domain credentials to achieve arbitrary code execution without requiring elevated privileges.

Technical Context

BizTalk360 is a monitoring and management solution for Microsoft BizTalk Server. The vulnerability resides in an unprotected endpoint or API method responsible for dynamically loading DLL files at runtime. The underlying flaw is an access control bypass (CWE class: improper authorization/authentication) combined with unsafe deserialization or dynamic code loading without validation. The absence of proper authorization checks means that any authenticated user can invoke the DLL-loading functionality, and the lack of DLL signature validation or sandboxing allows arbitrary code execution. This is a critical architectural flaw in how the application handles dynamic library loading, a common attack surface when applications expose reflection or plugin-loading capabilities without strict access controls.

Affected Products

BizTalk360 versions before 11.5 are affected. The specific version range is not narrowly defined in available data, but the advisory indicates that version 11.5 or later contains the fix. Organizations should verify their exact BizTalk360 version and confirm whether patches have been applied. Additional CPE details and vendor identification were not fully specified in the provided intelligence.

Remediation

The primary remediation is to upgrade BizTalk360 to version 11.5 or later, which addresses the access control deficiency. Organizations unable to patch immediately should restrict network access to BizTalk360 administrative endpoints to trusted internal networks and privileged user groups, implement strict identity and access management controls to limit which accounts can access the application, and monitor for suspicious DLL upload activities. The Synacktiv advisory at https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360 provides additional technical context and should be reviewed for environment-specific guidance.

Priority Score

44
KEV: 0
EPSS: +0.1
CVSS: +44
POC: 0
