PT-2026-5099 · Unknown · Sync Breeze Enterprise Server+1

Rafael Pedrero · Published 2026-01-28 · Updated 2026-02-10 · CVE-2025-59891

CVSS v4.0

8.5 High

Vector

AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Sync Breeze Enterprise Server versions 10.4.18
Disk Pulse Enterprise versions 10.4.18

Description

A cross-site request forgery (CSRF) issue exists in the software. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to missing CSRF token implementation. Exploitation involves a POST request to the /setup login?sid= endpoint, impacting the username, password, and cpassword parameters.

Recommendations

Apply updates to versions beyond 10.4.18.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-59891

Affected Products

Diskpulse Enterprise
Sync Breeze Enterprise Server