{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59710", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-03T14:39:54.309Z", "dateReserved": "2025-09-19T00:00:00.000Z", "datePublished": "2026-04-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T14:39:54.309Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kovai:biztalk360:*:*:*:*:*:*:*:*", "matchCriteriaId": "71A18991-9CB5-4CF6-BE4C-1F8A8847AEE0", "versionEndExcluding": "11.6.3963.2611", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server."}], "id": "CVE-2025-59710", "lastModified": "2026-04-09T00:46:56.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T15:16:04.500", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synacktiv.com/en/advisories/remote-code-execution-from-any-domain-account-in-biztalk360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,11.5)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "biztalk360", "vendor": "biztalk360"}], "analysis": {"en": {"generated_at": "2026-04-03T17:21:28.876242+00:00", "value": {"mitigation_remediation": ["Upgrade Biztalk360 to version 11.5 or later.", "If an upgrade is not immediately possible, restrict DLL upload capability to privileged administrators only or disable the feature if not needed.", "Implement monitoring to detect and alert on unauthorized DLL upload attempts.", "Apply general security hardening, such as limiting process privileges and using application whitelisting."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Biztalk360 products running any version earlier than 11.5 are affected. The issue exists in all deployments using those releases without an upgrade.", "description_and_impact": "The vulnerability allows an attacker to upload an arbitrary DLL file to the Biztalk360 installation when the system is running a version prior to 11.5. During the DLL load, the system executes code contained in the file, giving the attacker full control over the server with the privileges of the application process, thus compromising confidentiality, integrity and availability.", "risk_and_exploitability": "The potential for remote code execution means a single authenticated user who can access the DLL upload functionality can achieve full system compromise. Although specific CVSS or EPSS scores are not provided, the impact is deemed high, and the vulnerability is not listed in the KEV catalog, indicating no confirmed active exploitation yet. Exploitation requires only the ability to submit a malicious DLL and trigger its loading via the exposed interface."}}}}, "created": "2026-04-03T21:17:09.330013+00:00", "title": "Remote Code Execution via Unrestricted DLL Loading in Biztalk360", "updated": "2026-04-06T21:23:14.422778+00:00", "vendors": ["biztalk360", "biztalk360$PRODUCT$biztalk360"], "weaknesses": ["CWE-285", "CWE-94"]}