Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2025-59894

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to delete all commands via '/delete_all_commands?sid='.

Published: Jan 28, 2026
Updated: Feb 11, 2026
CVE: CVE-2025-59894
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
flexense / diskpulse	10.4.18	10.4.18.x
flexense / syncbreeze	10.4.18	10.4.18.x

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo