Description
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server.
Published: 2026-04-03
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

An incorrect access control bug in BizTalk360 versions earlier than 11.5 enables any user to request the loading of a DLL file. The system then calls a method within that DLL during loading, allowing an attacker to craft a malicious DLL, upload it, and execute arbitrary code on the server. This results in full compromise of confidentiality, integrity, and availability on the affected host.

Affected Systems

The vulnerability affects Kovai’s BizTalk360 product prior to version 11.5. All installations of BizTalk360 before that release are susceptible, regardless of build or patch level.

Risk and Exploitability

With a CVSS score of 8.8, the issue is rated as high severity. The EPSS score of less than 1% indicates that exploit likelihood is currently low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local or network-based, as the vulnerability permits any user, authenticated or otherwise, to trigger the DLL loading process, provided they can reach the vulnerable endpoint. The CVSS 3.1 vector recorded in the history for this CVE, AV:N/AC:L/PR:N/UI:R, scores it as network-reachable with no privileges required and user interaction required. An attacker would need to upload a crafted DLL through the exposed interface and then invoke the load operation to execute the payload.

Generated by OpenCVE AI on April 9, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest BizTalk360 update or upgrade to version 11.5 or newer to fix the access control flaw.
  • If an immediate update is unavailable, block external access to the DLL upload and loading endpoints using firewalls or application layer controls.
  • Disable or remove the ability to load arbitrary DLLs by revoking permissions or disabling the relevant functionality until a patch is applied.
  • Monitor system logs for DLL load activities and flag any unauthorized attempts.

Generated by OpenCVE AI on April 9, 2026 at 09:21 UTC.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via DLL Injection in BizTalk360

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unrestricted DLL Loading in Biztalk360
Weaknesses CWE-285, CWE-94

Thu, 09 Apr 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Kovai, Kovai biztalk360
Weaknesses CWE-434
CPEs cpe:2.3:a:kovai:biztalk360:*:*:*:*:*:*:*:*
Vendors & Products Kovai, Kovai biztalk360
Metrics cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Biztalk360, Biztalk360 biztalk360
Vendors & Products Biztalk360, Biztalk360 biztalk360

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unrestricted DLL Loading in Biztalk360
Weaknesses CWE-285, CWE-94

Fri, 03 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-09T20:30:28.622Z

Reserved: 2025-09-19T00:00:00.000Z

Link: CVE-2025-59710

Vulnrichment

No data.

NVD

Status : Modified

Published: 2026-04-03T15:16:04.500

Modified: 2026-04-09T21:16:07.350

Link: CVE-2025-59710

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:45:41Z

Weaknesses