Cyber Resilience

CVE-2025-59892 (Severity: High)

Published: 28 January 2026
Modified: 10 February 2026
CVSS v4 score: 8.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0013 (2.7th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2025-59892 is a high-severity CSRF (CWE-352) vulnerability in Flexense Diskpulse. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 2.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-59892 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, affecting Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18. The flaw arises from the lack of proper CSRF token implementation, allowing unauthorized actions within the application. It has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and was published on 2026-01-28.

An authenticated user with low privileges can exploit this vulnerability to trick another logged-in user into performing unwanted actions. Exploitation requires user interaction, such as visiting a malicious site or clicking a crafted link. For instance, an attacker could use a POST request to '/delete_command?sid=' with the 'cid' parameter to delete individual commands, potentially leading to high confidentiality, integrity, and availability impacts.

The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products covers this CSRF vulnerability alongside other issues in Flexense products.

Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to delete commands individually via '/delete_command?sid=', using the 'cid' parameter.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CSRF flaw in public-facing web server directly enables exploitation of the application to perform unauthorized actions (e.g., command deletion) over the network.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59893 (same product: Flexense Diskpulse)
CVE-2025-59891 (same product: Flexense Diskpulse)
CVE-2025-59894 (same product: Flexense Diskpulse)
CVE-2025-59895 (same product: Flexense Diskpulse)
CVE-2020-36946 (same product: Flexense Syncbreeze)
CVE-2020-37100 (same product: Flexense Syncbreeze)
CVE-2020-36927 (same product: Flexense Diskpulse)
CVE-2025-23467 (shared CWE-352)
CVE-2018-25170 (shared CWE-352)
CVE-2025-22336 (shared CWE-352)

Affected Assets

flexense diskpulse 10.4.18
flexense syncbreeze 10.4.18

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-23 mandates session authenticity mechanisms like CSRF tokens to bind requests to legitimate user sessions, directly preventing forged POST requests to endpoints like '/delete_command'.

Prevent: SI-10 requires validation of all information inputs, including CSRF tokens on state-changing requests, to block unauthorized actions such as command deletion via malicious POSTs.

Prevent: IA-11 enforces re-authentication for sensitive transactions like command deletion, mitigating CSRF exploitation by requiring additional user verification beyond the initial session.
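To make the SC-23 / SI-10 controls concrete, the following added example (not Flexense code; the session store, command store and handler names are constructed for illustration) models a '/delete_command' style handler in the pattern the advisory describes, where a valid session alone authorizes the deletion, beside a hardened version that requires a session-bound synchronizer token on the state-changing POST.

```python
import hashlib
import hmac
import secrets
# Constructed server state for illustration only (not Flexense's data model):
# session id -> user, and the commands each user owns.
SESSIONS = {"sid-alice": "alice"}
COMMANDS = {"alice": {"cmd-1", "cmd-2"}}
SERVER_SECRET = secrets.token_bytes(32)  # per-process key for deriving tokens

def csrf_token_for(sid: str) -> str:
    """Synchronizer token bound to one session: HMAC of the session id.
    The server embeds it in its own forms; a cross-site page cannot read it."""
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()

def delete_command_vulnerable(sid: str, form: dict) -> int:
    """Pattern the advisory describes: a valid session alone authorizes the
    state change, so a POST forged from another origin succeeds."""
    user = SESSIONS.get(sid)
    if user is None:
        return 401
    COMMANDS[user].discard(form.get("cid"))
    return 200

def delete_command_hardened(sid: str, form: dict) -> int:
    """Same endpoint with the SC-23/SI-10 control: every state-changing POST
    must carry the session-bound token, compared in constant time."""
    user = SESSIONS.get(sid)
    if user is None:
        return 401
    if not hmac.compare_digest(form.get("csrf_token", ""), csrf_token_for(sid)):
        return 403  # missing token, or a token issued for a different session
    cid = form.get("cid")
    if cid not in COMMANDS[user]:
        return 404
    COMMANDS[user].discard(cid)
    return 200

def run_scenario() -> dict:
    """Replay one forged POST (session id and cid only, no token) against both
    handlers, then a legitimate token-bearing POST against the hardened one."""
    forged = {"cid": "cmd-1"}
    COMMANDS["alice"] = {"cmd-1", "cmd-2"}
    vulnerable = delete_command_vulnerable("sid-alice", forged)
    COMMANDS["alice"] = {"cmd-1", "cmd-2"}
    hardened_forged = delete_command_hardened("sid-alice", forged)
    legit = {"cid": "cmd-1", "csrf_token": csrf_token_for("sid-alice")}
    hardened_legit = delete_command_hardened("sid-alice", legit)
    return {"vulnerable": vulnerable, "hardened_forged": hardened_forged,
            "hardened_legit": hardened_legit, "remaining": set(COMMANDS["alice"])}
```

The forged request is accepted by the first handler (200) and rejected by the hardened one (403), while the same request carrying the token issued to that session still succeeds; the token is derived per session, so a token obtained under one session does not validate for another.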
