CVE-2025-59893
Published: 28 January 2026
Summary
CVE-2025-59893 is a high-severity cross-site request forgery (CSRF, CWE-352) vulnerability in Flexense Sync Breeze Enterprise Server and Disk Pulse Enterprise v10.4.18. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it ranks at the 6.8th percentile by exploit-likelihood score (well below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 requires mechanisms that protect session authenticity. A per-session anti-CSRF token that the server checks on every state-changing request closes the gap the advisory describes: a forged POST to '/rename_command' submitted from another site cannot carry the victim's token.
SI-10 requires that inputs be validated before they are acted on. Checking the request's Origin/Referer and anti-CSRF token, and the shape of 'command_name', before the rename bound to 'sid' is applied means a cross-site forged request is rejected rather than executed.
AU-12 requires audit records for security-relevant events such as command renames, so a rename a victim was tricked into submitting remains visible after the fact even where prevention failed.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CSRF against a public-facing web application is an exploitation of that application (T1190); the attack only succeeds if the victim follows an attacker-controlled link while logged in (T1204.001, User Execution: Malicious Link).
NVD Description
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to rename commands via '/rename_command?sid=', affecting the 'command_name' parameter.
Deeper analysis
CVE-2025-59893 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18. The flaw stems from the lack of a proper CSRF token implementation, which lets an authenticated user trick another logged-in user into performing unintended actions within the application. It has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H): network-reachable, low attack complexity, low privileges and user interaction required, with high impact on confidentiality, integrity and availability.
An authenticated attacker exploits it by getting a logged-in victim to submit a crafted request, such as a POST to '/rename_command?sid=' carrying an attacker-chosen 'command_name', which the server executes in the victim's session because no anti-CSRF token is required. The victim must be logged into the affected software and visit a page or resource the attacker controls; the result is an unauthorized state change, such as a renamed command or another sensitive operation, performed with the victim's privileges.
The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products covers this issue together with other vulnerabilities in Flexense products; the mitigation steps are those given in that notice.
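As an added illustration (not code from Flexense, NVD or INCIBE-CERT), the following Python model contrasts a rename handler that executes any POST tied to a session, which is the pattern the NVD description implies, with one that applies the controls listed above: a per-session synchronizer token compared in constant time (SC-23), Origin and input checks before state is touched (SI-10), and an audit record for every decision (AU-12). The request shape follows the advisory's '/rename_command?sid=' URL and 'command_name' field; the in-memory session store, the handler names, the origin 'https://diskpulse.internal:9120' and the sample requests are constructed assumptions, and the forged request is built as one the server attributes to the victim's session, which is what a successful CSRF achieves.

```python
"""Model of a CSRF-exposed 'rename command' handler and its hardened form.

Added example, not Flexense code. Requests are plain objects so the model
runs offline; the session store, origin and handler names are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SITE_ORIGIN = "https://diskpulse.internal:9120"  # assumed origin of the admin UI


@dataclass
class Session:
    user: str
    commands: dict = field(default_factory=dict)          # per-user command list
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))
    audit: list = field(default_factory=list)             # AU-12 records


SESSIONS: dict = {}  # constructed server-side session store, keyed by sid


def new_session(user: str, commands: dict) -> str:
    sid = secrets.token_hex(16)
    SESSIONS[sid] = Session(user=user, commands=dict(commands))
    return sid


@dataclass
class Request:
    method: str
    url: str        # e.g. "/rename_command?sid=<sid>", as in the advisory
    headers: dict   # constructed headers, e.g. {"Origin": "https://attacker.example"}
    form: dict      # parsed POST body, e.g. {"command_name": "pwned"}


def _session_from(req: Request):
    sid = parse_qs(urlsplit(req.url).query).get("sid", [None])[0]
    return sid, SESSIONS.get(sid)


def rename_command_vulnerable(req: Request, old: str) -> str:
    """Pattern the advisory describes: the only check is that a session exists,
    so a cross-site POST the browser sends on the victim's behalf is executed."""
    sid, sess = _session_from(req)
    if req.method != "POST" or sess is None or old not in sess.commands:
        return "401 no session"
    sess.commands[req.form.get("command_name", "")] = sess.commands.pop(old)
    return "200 renamed"


def rename_command_hardened(req: Request, old: str) -> str:
    """SC-23: synchronizer token bound to the session, compared in constant time.
    SI-10: Origin and command_name are validated before any state changes.
    AU-12: every accepted or rejected rename is written to the audit trail."""
    sid, sess = _session_from(req)
    if req.method != "POST" or sess is None:
        return "401 no session"
    origin = req.headers.get("Origin", "")
    token = req.form.get("csrf_token", "")
    new_name = req.form.get("command_name", "")
    if origin != SITE_ORIGIN or not hmac.compare_digest(
            token.encode(), sess.csrf_token.encode()):
        sess.audit.append(("rename_command", "REJECTED_CSRF", origin, sess.user))
        return "403 csrf check failed"
    if not (0 < len(new_name) <= 64 and new_name.isprintable()) or old not in sess.commands:
        sess.audit.append(("rename_command", "REJECTED_INPUT", origin, sess.user))
        return "400 bad command_name"
    sess.commands[new_name] = sess.commands.pop(old)
    sess.audit.append(("rename_command", "RENAMED", f"{old}->{new_name}", sess.user))
    return "200 renamed"


def demo() -> dict:
    """Replay a forged cross-site POST against both handlers, then a legitimate
    same-origin POST (with the token) against the hardened one."""
    sid_v = new_session("admin", {"Nightly Sync": {}})
    sid_h = new_session("admin", {"Nightly Sync": {}})
    forged_v = Request("POST", f"/rename_command?sid={sid_v}",
                       {"Origin": "https://attacker.example"}, {"command_name": "pwned"})
    forged_h = Request("POST", f"/rename_command?sid={sid_h}",
                       {"Origin": "https://attacker.example"}, {"command_name": "pwned"})
    legit_h = Request("POST", f"/rename_command?sid={sid_h}", {"Origin": SITE_ORIGIN},
                      {"command_name": "Nightly Sync v2",
                       "csrf_token": SESSIONS[sid_h].csrf_token})
    return {
        "vulnerable_forged": rename_command_vulnerable(forged_v, "Nightly Sync"),
        "vulnerable_commands": sorted(SESSIONS[sid_v].commands),
        "hardened_forged": rename_command_hardened(forged_h, "Nightly Sync"),
        "hardened_legit": rename_command_hardened(legit_h, "Nightly Sync"),
        "hardened_commands": sorted(SESSIONS[sid_h].commands),
        "hardened_audit": [rec[1] for rec in SESSIONS[sid_h].audit],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The forged request never has the token because the attacker's page cannot read it out of the victim's session, and the Origin check rejects it even before the token comparison; the legitimate same-origin request with the token goes through, and both decisions land in the audit trail.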
Details
- CWE(s)