Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server

CVE-2025-59893

Description

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to rename commands via '/rename_command?sid=', affecting the 'command_name' parameter.

Affected products

Syncbreeze/Sync Breeze Enterprisellm-fuzzy
Range: <=10.4.18
Flexense/Disk Pulse Enterprisellm-fuzzy
Range: <=10.4.18
Flexense/Disk Pulse Enterprisev5
Range: v10.4.18
Flexense/Sync Breeze Enterprise Serverv5
Range: v10.4.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-productsmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000