PT-2026-5101 · Unknown · Sync Breeze Enterprise Server+1

Rafael Pedrero · Published 2026-01-28 · Updated 2026-01-28 · CVE-2025-59893

CVSS v4.0: 8.5 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Sync Breeze Enterprise Server versions 10.4.18
Disk Pulse Enterprise versions 10.4.18

Description

A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to the absence of appropriate CSRF token implementation. Exploitation involves sending a POST request to the /rename command?sid= API endpoint, specifically manipulating the command name parameter.

Recommendations

Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability.
Update Disk Pulse Enterprise to a version with a fix for this vulnerability.

Fix

CSRF

Weakness Enumeration

Related identifiers

CVE-2025-59893

Affected products

Diskpulse Enterprise
Sync Breeze Enterprise Server