CVE-2025-59793
Published Feb 17, 2026
Last updated 20 days ago
- Description
- Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
- Hype score
- Not currently trending
CVE-2025-59793 Path Traversal in Rocket TRUfusion Enterprise Enabling Arbitrary File Write https://t.co/hBCBIebNFC
@VulmonFeeds
17 Feb 2026
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/0VmQ6SaQZc
@MrTuxracer
17 Feb 2026
2593 Impressions
9 Retweets
48 Likes
19 Bookmarks
2 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/kkVDeAnTVi
@rcesecurity
17 Feb 2026
2006 Impressions
11 Retweets
38 Likes
17 Bookmarks
0 Replies
0 Quotes