CVE-2025-59897

Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18

Description Sync Breeze Enterprise Server and Disk Pulse Enterprise are affected by a persistent authenticated Cross-Site Scripting (XSS) issue. An attacker can potentially send malicious content to an authenticated user, potentially gaining access to session information. This is due to inadequate validation of user-supplied data within the /edit command?sid= API endpoint, specifically impacting the source dir and dest dir parameters.

Recommendations Update Sync Breeze Enterprise to a version prior to 10.4.18. Update Disk Pulse Enterprise to a version prior to 10.4.18.