PT-2026-5102 · Unknown · Sync Breeze Enterprise Server+1
Rafael Pedrero · Published 2026-01-28 · Updated 2026-01-28
CVE-2025-59894
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Sync Breeze Enterprise Server version 10.4.18
Disk Pulse Enterprise version 10.4.18
Description
A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. Because the application does not implement CSRF tokens, an authenticated user can potentially cause another user to perform unintended actions. An attacker can leverage a POST request to the "/delete all commands?sid=" endpoint to delete all commands.
Recommendations
Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability.
Update Disk Pulse Enterprise to a version with a fix for this vulnerability.
Fix
CSRF
Affected Products
Diskpulse Enterprise
Sync Breeze Enterprise Server