CVE-2025-59892

Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18

Description A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to missing CSRF token implementation. Exploitation involves sending a POST request to the /delete command?sid= endpoint, utilizing the cid parameter to delete commands individually.

Recommendations Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability. Update Disk Pulse Enterprise to a version with a fix for this vulnerability.