Home

Description

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually.

PUBLISHED Reserved 2025-09-23 | Published 2026-01-28 | Updated 2026-01-28 | Assigner INCIBE




HIGH: 8.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

v10.4.18
affected

Default status
unaffected

v10.4.18
affected

Credits

Rafael Pedrero finder

References

www.incibe.es/.../multiple-vulnerabilities-flexense-products

cve.org (CVE-2025-59895)

nvd.nist.gov (CVE-2025-59895)

Download JSON