CVE-2025-59894
Published: 28 January 2026
Summary
CVE-2025-59894 is a high-severity CSRF (CWE-352) vulnerability in Flexense Diskpulse. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001). The vulnerability is ranked at the 6.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 requires mechanisms to protect communications session authenticity, directly mitigating CSRF by preventing forged requests from impersonating legitimate user actions in an authenticated session.
SI-10 mandates validation of information inputs, such as CSRF tokens, to ensure requests like the '/delete_all_commands' POST are legitimate and not forged by an attacker.
CM-6 enforces secure configuration settings, including implementation of CSRF protections in the application to address the lack of proper token validation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF flaw directly enables forced actions via crafted malicious links or spearphishing, consistent with the UI:R (user interaction required) element of the CVSS vector.
NVD Description
Cross-Site Request Forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to delete all commands via '/delete_all_commands?sid='.
Deeper analysis
CVE-2025-59894 is a Cross-Site Request Forgery (CSRF) vulnerability, corresponding to CWE-352, affecting Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18. The flaw arises from the lack of proper CSRF token implementation, allowing an authenticated user to induce another user to perform unwanted actions within the application they are logged into. It has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H) and was published on 2026-01-28.
An attacker who has obtained low-privilege authenticated access (PR:L) can exploit this vulnerability remotely over the network (AV:N) by tricking a victim user into interacting with a malicious webpage (UI:R), such as by clicking a crafted link. Successful exploitation enables the attacker to force the victim's browser to submit unauthorized requests on their behalf, potentially leading to high-impact confidentiality, integrity, and availability consequences (C:H/I:H/A:H) in the unchanged scope (S:U). A specific example involves a POST request to the '/delete_all_commands?sid=' endpoint to delete all commands.
The INCIBE-CERT advisory (https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products) documents this vulnerability alongside others in Flexense products and provides associated guidance.
Details
- CWE(s)