CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.rcesecurity.com
https://www.rcesecurity.com/advisories/cve-2025-59793/
https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion
https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise

Configurations

No configuration.

History

11 Mar 2026, 16:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.9
CWE		CWE-35

18 Feb 2026, 17:51

Type	Values Removed	Values Added
Summary		(es) Rocket TRUfusion Enterprise hasta la versión 7.10.5 expone el endpoint en /axis2/services/WsPortalV6UpDwAxis2Impl a usuarios autenticados para poder subir archivos. Sin embargo, la aplicación no sanitiza correctamente el parámetro jobDirectory, lo que permite incluir secuencias de salto de ruta. Esto permite escribir archivos en ubicaciones arbitrarias del sistema de archivos local y puede conducir posteriormente a la ejecución remota de código.

17 Feb 2026, 19:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-17 19:21

Updated : 2026-03-11 16:16

NVD link : CVE-2025-59793

Mitre link : CVE-2025-59793

CVE.ORG link : CVE-2025-59793

JSON object : View

Products Affected

No product.

CWE

CWE-35

Path Traversal: '.../...//'

{"id": "CVE-2025-59793", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}], "cvssMetricV40": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-17T19:21:54.927", "references": [{"url": "https://www.rcesecurity.com", "source": "cve@mitre.org"}, {"url": "https://www.rcesecurity.com/advisories/cve-2025-59793/", "source": "cve@mitre.org"}, {"url": "https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion", "source": "cve@mitre.org"}, {"url": "https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-35"}]}], "descriptions": [{"lang": "en", "value": "Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution."}, {"lang": "es", "value": "Rocket TRUfusion Enterprise hasta la versi\u00f3n 7.10.5 expone el endpoint en /axis2/services/WsPortalV6UpDwAxis2Impl a usuarios autenticados para poder subir archivos. Sin embargo, la aplicaci\u00f3n no sanitiza correctamente el par\u00e1metro jobDirectory, lo que permite incluir secuencias de salto de ruta. Esto permite escribir archivos en ubicaciones arbitrarias del sistema de archivos local y puede conducir posteriormente a la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2026-03-11T16:16:20.203", "sourceIdentifier": "cve@mitre.org"}