CVE-2025-59793 · CRITICAL 9.9 · EPSS p59.1%

Description

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint /axis2/services/WsPortalV6UpDwAxis2Impl, which lets authenticated users upload files. However, the application does not properly sanitize the jobDirectory parameter, so path traversal sequences can be included in it. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.03% probability of exploitation · percentile 59.1% · 2026-06-18T12:00:27Z
Published: 2026-02-17
Last modified: 2026-04-03

Underlying weaknesses · 1

CWE-35

References

  1. https://www.rcesecurity.com
  2. https://www.rcesecurity.com/advisories/cve-2025-59793/
  3. https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion
  4. https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise

Type | Target | Confidence | Tier
Weakness | Path Traversal: '.../...//' (cwe-35) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-27224
  2. CVE-2025-27222
  3. CVE-2025-59711
  4. CVE-2025-41735
  5. CVE-2025-13262
  6. CVE-2026-36762

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.