This vulnerability in Biztalk360 prior to version 11.5 involves improper sanitization of user input during file uploads, enabling an authenticated attacker to perform directory traversal. This can lead to writing files outside the designated directory and possibly forcing authentication bypass or coercion. The CVSS 3.1 score of 8.3 reflects high impact on confidentiality and integrity with low attack complexity and requiring privileges. No vendor advisory or patch information is available to confirm remediation status.

Successful exploitation could allow an authenticated attacker to write files outside the intended directory, potentially overwriting or adding unauthorized files. This may lead to unauthorized access or modification of sensitive data and could coerce authentication, compromising service integrity. The impact on availability is low. There are no known active exploits reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict upload permissions to trusted users only and monitor for suspicious file upload activity. Avoid exposing the upload functionality to untrusted users. Follow vendor communications closely for updates on patches or official mitigations.