Cyber Resilience

CVE-2025-59893

High

Published: 28 January 2026
Modified: 10 February 2026
CVSS v4 score: 8.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0013 (2.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-59893 is a high-severity CSRF (CWE-352) vulnerability in Flexense Diskpulse. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 2.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-59893 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18. The flaw stems from the lack of proper CSRF token implementation, enabling an authenticated user to trick another logged-in user into performing unintended actions within the application. It has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for network-based exploitation with low complexity, low privileges, and user interaction.

An attacker with an authenticated account can exploit this vulnerability by crafting malicious requests, such as a POST to the '/rename_command?sid=' endpoint targeting the 'command_name' parameter, to manipulate application state on behalf of a victim user. This requires the victim to be logged into the affected software and interact with a malicious site or resource controlled by the attacker, leading to unauthorized actions like renaming commands or other sensitive operations within the victim's session.

The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products covers this issue among multiple vulnerabilities in Flexense products; the specific mitigation steps are given in that notice.


Vulnerability details

Cross-site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to rename commands via '/rename_command?sid=', affecting the 'command_name' parameter.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 Malicious Link (User Execution): An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

CSRF in a public-facing web application directly enables exploitation of the server (T1190); the attack requires the victim to interact with an attacker-controlled malicious link (T1204.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59892 (same product: Flexense Diskpulse)
CVE-2025-59894 (same product: Flexense Diskpulse)
CVE-2025-59891 (same product: Flexense Diskpulse)
CVE-2025-59895 (same product: Flexense Diskpulse)
CVE-2020-36946 (same product: Flexense Syncbreeze)
CVE-2020-37100 (same product: Flexense Syncbreeze)
CVE-2020-36927 (same product: Flexense Diskpulse)
CVE-2025-70031 (shared CWE-352)
CVE-2025-23902 (shared CWE-352)
CVE-2026-34384 (shared CWE-352)

Affected Assets

flexense diskpulse 10.4.18
flexense syncbreeze 10.4.18

Mitigating Controls (NIST 800-53 r5, AI-assigned)

prevent: SC-23 requires mechanisms to protect session authenticity, such as CSRF tokens, directly preventing exploitation of the missing token implementation in forged POST requests to '/rename_command'.

prevent: SI-10 mandates validation of information inputs, including CSRF tokens in parameters like 'command_name' and 'sid', blocking invalid cross-site forged requests.

detect: AU-12 requires generation of audit records for security-relevant events like command renames, enabling detection of unauthorized actions tricked via CSRF.
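As an added illustration of the SC-23 and SI-10 controls above (example code written for this page, not Flexense's implementation), the handler below models the '/rename_command' action first with only a session check, as the advisory describes the flaw, and then gated by a per-session synchronizer token plus an Origin allow-list. It assumes an in-memory session store keyed by sid, a 'new_command_name' form field, and the deployment origin 'https://diskpulse.example'; none of these details come from the advisory.

```python
import hmac
import secrets

# Constructed in-memory session store (sid -> session record); stands in for
# whatever the real product uses, which the advisory does not describe.
SESSIONS = {}
TRUSTED_ORIGINS = {"https://diskpulse.example"}  # assumed deployment origin


def create_session(user):
    """Log a user in: mint a session id and a per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "user": user,
        "csrf_token": secrets.token_urlsafe(32),
        "commands": {"nightly_backup": {}},  # constructed sample command
    }
    return sid


def _apply_rename(sess, form):
    """The state change itself: rename 'command_name' to 'new_command_name'."""
    old, new = form.get("command_name"), form.get("new_command_name")
    if old not in sess["commands"] or not new:
        return False
    sess["commands"][new] = sess["commands"].pop(old)
    return True


def rename_command_vulnerable(sid, form):
    """Mirrors the flaw: the only check is that the session exists, so a
    cross-site POST that rides the victim's session is honoured."""
    sess = SESSIONS.get(sid)
    return sess is not None and _apply_rename(sess, form)


def rename_command_hardened(sid, form, headers):
    """Same action gated by a synchronizer token (SC-23) that is validated
    as input (SI-10), with an Origin allow-list as defence in depth."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return False
    if headers.get("Origin") not in TRUSTED_ORIGINS:
        return False  # a cross-site form post carries the attacker's Origin
    token = form.get("csrf_token", "")
    # Constant-time compare; a page on another origin cannot read this token.
    if not hmac.compare_digest(token, sess["csrf_token"]):
        return False
    return _apply_rename(sess, form)
```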
