CVE-2025-59793: n/a
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users for file uploads. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
AI Analysis
Technical Summary
CVE-2025-59793 is a critical vulnerability affecting Rocket TRUfusion Enterprise versions through 7.10.5. The vulnerability resides in the /axis2/services/WsPortalV6UpDwAxis2Impl endpoint, which allows authenticated users to upload files. The core issue is the improper sanitization of the jobDirectory parameter, which accepts path traversal sequences (e.g., ../) without validation. This enables attackers to write files outside the intended directory, potentially overwriting or creating files anywhere on the local filesystem. Such unauthorized file writes can be leveraged to place malicious code or scripts that the system may execute, leading to remote code execution (RCE). The vulnerability requires authentication but no user interaction, making it easier for insiders or compromised accounts to exploit. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) reflects a network attack vector, low attack complexity, no attack requirements, no user interaction, and high impact on confidentiality, integrity, and availability, with the impact on subsequent systems also rated high. This vulnerability is classified under CWE-35 (Path Traversal). Although no public exploits are known yet, the critical severity and ease of exploitation make it a significant threat. The lack of available patches at the time of disclosure necessitates immediate mitigation steps by affected organizations.
Potential Impact
The vulnerability allows attackers with valid credentials to write arbitrary files to the local filesystem, which can lead to complete system compromise through remote code execution. This threatens confidentiality by enabling unauthorized access to sensitive data, integrity by allowing modification or replacement of critical files, and availability by potentially disrupting services or causing system crashes. The network-exploitable nature and lack of user interaction requirements increase the risk of rapid exploitation in enterprise environments. Organizations relying on Rocket TRUfusion Enterprise for critical operations may face severe operational disruptions, data breaches, and potential lateral movement within their networks. The vulnerability could be exploited by malicious insiders or external attackers who have obtained valid credentials, increasing the attack surface. The absence of known exploits in the wild currently provides a window for remediation, but the critical CVSS score indicates a high likelihood of future exploitation attempts.
Mitigation Recommendations
1. Immediately restrict access to the /axis2/services/WsPortalV6UpDwAxis2Impl endpoint to only highly trusted and necessary users through network segmentation and strict access controls.
2. Implement strict input validation and sanitization on the jobDirectory parameter to reject any path traversal sequences or unexpected characters.
3. Monitor file system changes and audit logs for unusual file writes or modifications, especially outside expected directories.
4. Employ application-layer firewalls or web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting this endpoint.
5. Enforce the principle of least privilege on accounts with access to this functionality to limit the potential damage of compromised credentials.
6. Coordinate with Rocket Software for official patches or updates and apply them promptly once available.
7. Conduct regular security assessments and penetration testing focusing on file upload functionalities and path traversal vulnerabilities.
8. Educate administrators and users about the risks of credential compromise and encourage strong authentication mechanisms such as multi-factor authentication (MFA).
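Recommendation 2 as an added example (not Rocket's code and not part of the advisory): a Java containment check that allowlists the `jobDirectory` value, resolves it under an upload root, and rejects anything that lands outside that root, including through symlinks. The class name, method name and temporary upload root are hypothetical, and Java is assumed because the endpoint is an Axis2 service.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Hypothetical helper, not TRUfusion code: validates a client-supplied jobDirectory.
public class JobDirectoryCheck {
    // Allowlist: relative path of plain name segments. Dots, backslashes,
    // '%' (encoded input), NUL bytes and a leading '/' all fail the match.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*");

    static Path resolveJobDirectory(Path uploadRoot, String jobDirectory) throws IOException {
        if (jobDirectory == null || !SAFE.matcher(jobDirectory).matches()) {
            throw new SecurityException("jobDirectory rejected by allowlist");
        }
        Path root = uploadRoot.toRealPath();                  // canonical root, symlinks resolved
        Path target = root.resolve(jobDirectory).normalize();
        if (!target.startsWith(root)) {                       // lexical containment (defense in depth)
            throw new SecurityException("jobDirectory escapes upload root");
        }
        // Symlink check: the deepest existing path component must still resolve
        // inside the root. A dangling link makes toRealPath() throw, which fails closed.
        Path existing = target;
        while (!Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(root)) {
            throw new SecurityException("jobDirectory resolves outside upload root");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("upload-root"); // constructed test root
        // Constructed sample values: two legitimate names, then traversal variants.
        String[] samples = { "job42", "customer/job42", "../../etc", "job42/../../x",
                             "/etc/cron.d", "..\\..\\windows", "%2e%2e/%2e%2e/etc" };
        for (String s : samples) {
            try {
                System.out.println("accepted  " + s + " -> " + resolveJobDirectory(root, s));
            } catch (SecurityException e) {
                System.out.println("rejected  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first two samples are accepted; the allowlist stops the rest before any filesystem call, and the two containment checks remain as a backstop if the allowlist is later loosened.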
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Sweden, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 699575bd80d747be205377e4
Added to database: 2/18/2026, 8:18:05 AM
Last enriched: 3/11/2026, 6:58:10 PM
Last updated: 4/6/2026, 2:06:06 AM