- Description
- Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- trufusion_enterprise
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-35
- Hype score
- Not currently trending
🚨*CVE* CVE-2025-59793 Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However,… https://t.co/4jd1GZcw10 ----- Traducción: CVE-2025-59793 Roc… https://t.co/utmtNg
@infoflowcloud
23 Mar 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59793 Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However,… https://t.co/gOH8mCQ8dM
@CVEnew
23 Mar 2026
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59793 Path Traversal in Rocket TRUfusion Enterprise Enabling Arbitrary File Write https://t.co/hBCBIebNFC
@VulmonFeeds
17 Feb 2026
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/0VmQ6SaQZc
@MrTuxracer
17 Feb 2026
2593 Impressions
9 Retweets
48 Likes
19 Bookmarks
2 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/kkVDeAnTVi
@rcesecurity
17 Feb 2026
2006 Impressions
11 Retweets
38 Likes
17 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA79548C-F8C9-46F0-9101-612A48E67DF3",
"versionEndExcluding": "7.10.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]