CVE-2025-59891— Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59891
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to change a user's password or create users via '/setup_login?sid=', affecting the 'username', 'password', and 'cpassword' parameters.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Flexense Sync Breeze Enterprise Server和Flexense Disk Pulse Enterprise 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Flexense Sync Breeze Enterprise Server和Flexense Disk Pulse Enterprise都是Flexense公司的产品。Flexense Sync Breeze Enterprise Server是一个网络文件同步软件。Flexense Disk Pulse Enterprise是一个实时文件系统监控软件。 Flexense Sync Breeze Enterprise Server 10.4.18版本和Flexense Disk Pulse Enterp
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Flexense | Sync Breeze Enterprise Server | v10.4.18 | - | |
| Flexense | Disk Pulse Enterprise | v10.4.18 | - |
II. Public POCs for CVE-2025-59891
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59891
请登录查看更多情报信息。
Same Patch Batch · Flexense · 2026-01-28 · 11 CVEs total
| CVE-2025-59899 | Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59901 | authenticated reflected XSS vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59898 | Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59892 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59896 | Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59893 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59900 | Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59897 | Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59894 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server | |
| CVE-2025-59895 | Remote denial-of-service (DoS) vulnerability in Sync Breeze Enterprise Server |
IV. Related Vulnerabilities
Same product: Sync Breeze Enterprise Server
- CVE-2025-59901
authenticated reflected XSS vulnerability in Sync Breeze Ent - CVE-2025-59900
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy - CVE-2025-59899
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy - CVE-2025-59898
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy - CVE-2025-59897
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy
Same vendor: Flexense
- CVE-2025-59901
authenticated reflected XSS vulnerability in Sync Breeze Ent - CVE-2025-59900
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy - CVE-2025-59899
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy - CVE-2025-59898
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy - CVE-2025-59897
Authenticated Cross-Site Scripting (XSS) vulnerability in Sy
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2025-59891
No comments yet