CVE-2025-59892
Published: 28 January 2026
Summary
CVE-2025-59892 is a high-severity CSRF (CWE-352) vulnerability in Flexense Diskpulse. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 mandates session authenticity mechanisms like CSRF tokens to bind requests to legitimate user sessions, directly preventing forged POST requests to endpoints like '/delete_command'.
SI-10 requires validation of all information inputs, including CSRF tokens on state-changing requests, to block unauthorized actions such as command deletion via malicious POSTs.
IA-11 enforces re-authentication for sensitive transactions like command deletion, mitigating CSRF exploitation by requiring additional user verification beyond the initial session.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF flaw in a public-facing web server directly enables exploitation of the application to perform unauthorized actions (e.g., command deletion) over the network.
NVD Description
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to delete commands individually via '/delete_command?sid=', using the 'cid' parameter.
Deeper analysis
CVE-2025-59892 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, affecting Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18. The flaw arises from the lack of proper CSRF token implementation, allowing unauthorized actions within the application. It has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and was published on 2026-01-28.
An authenticated user with low privileges can exploit this vulnerability to trick another logged-in user into performing unwanted actions. Exploitation requires user interaction, such as visiting a malicious site or clicking a crafted link. For instance, an attacker could use a POST request to '/delete_command?sid=' with the 'cid' parameter to delete individual commands, potentially leading to high confidentiality, integrity, and availability impacts.
The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products covers this CSRF vulnerability alongside other issues in Flexense products.
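To make the SC-23 / SI-10 controls listed above concrete for the '/delete_command?sid=' endpoint, here is an added example (not Flexense code and not from the advisory) of a handler that binds a synchronizer token to the session and validates it before deleting a command. The session store, command store, server key and field names are constructed assumptions.

```python
"""Constructed example: CSRF-protected handling of a '/delete_command?sid=' style
POST. SESSIONS, COMMANDS, SERVER_KEY and the 'csrf_token' field are hypothetical."""
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs

# Constructed per-deployment secret; in practice load it from protected config.
SERVER_KEY = b"constructed-server-key-replace-me"

# Constructed state: active sessions (sid -> user) and stored commands (cid -> name).
SESSIONS = {"abc123": "alice", "def456": "bob"}
COMMANDS = {"1": "sync-nightly", "2": "sync-hourly"}


def issue_csrf_token(sid: str) -> str:
    """Synchronizer token bound to the session id (SC-23, session authenticity).
    It is embedded in the application's own form, so a third-party page that can
    make the victim's browser POST here cannot know or derive it."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(sid: str, token: Optional[str]) -> bool:
    """Constant-time comparison; a missing token is a failure, never a pass."""
    if not token:
        return False
    return hmac.compare_digest(issue_csrf_token(sid), token)


def delete_command(query: str, form: dict, sessions=SESSIONS, commands=COMMANDS) -> int:
    """POST /delete_command?sid=<sid> with form fields 'cid' and 'csrf_token'.
    Returns an HTTP-style status code. The behaviour described for CVE-2025-59892
    corresponds to this function with the csrf_token check removed: the session
    cookie alone, which the browser attaches automatically, authorised the delete."""
    sid = parse_qs(query).get("sid", [None])[0]
    if sid not in sessions:
        return 401  # no valid session at all
    # SI-10: validate the anti-CSRF input before acting on the request.
    if not csrf_token_valid(sid, form.get("csrf_token")):
        return 403  # forged or token-less request: reject without touching state
    cid = form.get("cid")
    if cid not in commands:
        return 404
    del commands[cid]
    return 200
```

A token minted for one session is rejected for another, so a leaked token from the attacker's own session (the low-privilege user in the CVSS vector) does not help against the victim's.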
Details
- CWE(s)