PT-2026-5100 · Unknown · Sync Breeze Enterprise Server+1

Rafael Pedrero · Published 2026-01-28 · Updated 2026-02-10 · CVE-2025-59892

CVSS v4.0: 8.5 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Sync Breeze Enterprise Server versions 10.4.18
Disk Pulse Enterprise versions 10.4.18

Description

A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to missing CSRF token implementation. Exploitation involves sending a POST request to the /delete command?sid= endpoint, utilizing the cid parameter to delete commands individually.

Recommendations

Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability.
Update Disk Pulse Enterprise to a version with a fix for this vulnerability.
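The control the description reports as missing, sketched as an added example (not code from the vendor or from this advisory): a session-bound CSRF token that a server issues with each form and verifies before any state-changing request such as the delete action is handled. The form field name `csrf_token`, the function names and the `own_origin` parameter are assumptions; `sid` and `cid` follow the parameter names in the description.

```python
import hashlib
import hmac
import secrets

# Assumption: per-deployment secret held only by the server.
SERVER_KEY = secrets.token_bytes(32)

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(sid: str, nonce: str) -> str:
    """HMAC over session id and nonce, so a token is useless in another session."""
    return hmac.new(SERVER_KEY, f"{sid}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(sid: str) -> str:
    """Token to embed as a hidden field in every form rendered for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(sid, nonce)}"


def csrf_token_valid(sid: str, token: str) -> bool:
    """True only if this server issued the token for this exact session."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or not nonce or not mac:
        return False
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(_mac(sid, nonce).encode(), mac.encode())


def authorize_request(method: str, sid: str, form: dict,
                      headers: dict, own_origin: str) -> tuple:
    """Gate to run before the handler; returns (allowed, reason)."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    origin = headers.get("Origin")
    # A browser-supplied Origin that is not ours means a cross-site submission.
    if origin is not None and origin != own_origin:
        return False, "cross-origin request"
    if not csrf_token_valid(sid, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "ok"
```

A request that carries only the session identifier and `cid`, which is all a forged cross-site form can supply, is rejected because the attacker's page cannot read the token issued to the victim's session.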

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-59892

Affected Products

Diskpulse Enterprise
Sync Breeze Enterprise Server