CVE-2025-59891
Published: 28 January 2026
Summary
CVE-2025-59891 is a high-severity CSRF (CWE-352) vulnerability in Flexense Diskpulse. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 requires mechanisms to protect the authenticity of communications sessions, directly countering CSRF by implementing anti-CSRF tokens (or an equivalent mechanism) that let the server confirm a request was initiated by the legitimate user rather than by a third-party page.
SI-10 mandates validation of information inputs, including CSRF tokens on state-changing POST requests to endpoints like '/setup_login?sid=', preventing processing of forged parameters such as 'username', 'password', and 'cpassword'.
IA-11 requires re-authentication for privileged actions such as password changes or user creation, blocking CSRF exploitation because the attacker cannot supply the victim's fresh credentials.
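The SC-23 and SI-10 controls above amount to one check on the server: a state-changing POST is processed only if it carries a token bound to the caller's session. The following is an added illustration of that check, not code from the advisory or from the affected products; the handler name, the `csrf_token` field and the in-memory session store are assumptions, while the form parameters mirror the ones the advisory names.

```python
import hmac
import secrets

# Constructed in-memory session store for this example: session id -> session state.
SESSIONS: dict[str, dict] = {}


def start_session(user: str) -> str:
    """Create a session and mint a per-session CSRF token (synchronizer token pattern)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the server embeds in its own forms; a cross-origin page cannot read it."""
    return SESSIONS[sid]["csrf_token"]


def handle_setup_login(sid: str, form: dict) -> tuple[int, str]:
    """Hypothetical hardened handler for a state-changing POST such as a password change.

    A forged cross-site POST rides on the victim's session cookie but cannot include
    the session-bound token, so any request with a missing or mismatching token is
    rejected before the 'username' / 'password' / 'cpassword' fields are looked at.
    """
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "no session"
    expected = session["csrf_token"].encode()
    supplied = str(form.get("csrf_token", "")).encode()
    # Constant-time comparison so the check does not leak timing information.
    if not supplied or not hmac.compare_digest(expected, supplied):
        return 403, "csrf token missing or invalid"
    # Input validation (SI-10) runs only after the request's origin is established.
    if not form.get("password") or form.get("password") != form.get("cpassword"):
        return 400, "password confirmation mismatch"
    session["password"] = form["password"]  # stand-in for the real state change
    return 200, "password updated for " + str(form.get("username", session["user"]))
```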
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CSRF in a public-facing enterprise web server directly enables remote exploitation (T1190) to perform unauthorized actions such as local account creation (T1136.001) and account manipulation, including password changes (T1098).
NVD Description
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to change a user's password or create users via '/setup_login?sid=', affecting the 'username', 'password', and 'cpassword' parameters.
Deeper analysis
CVE-2025-59891 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18. The flaw stems from the lack of proper CSRF token implementation, enabling an authenticated user to trick another user into performing unintended actions within the application they are logged into. It carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
An attacker with low-privilege authenticated access (PR:L) can exploit this vulnerability remotely (AV:N) by crafting malicious POST requests, such as to the '/setup_login?sid=' endpoint, targeting the 'username', 'password', and 'cpassword' parameters. Exploitation requires user interaction (UI:R) from a victim who is already logged into the application; because the server does not verify a session-bound token, the forged request is processed as if the victim had submitted it, allowing actions such as changing the victim's password or creating new user accounts on their behalf.
The INCIBE advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products addresses this CVE alongside other vulnerabilities in Flexense products.
Details
- CWE(s)