CVE-2025-59895 — HIGH (7.5)

Vulnerability Description

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Flexense	Diskpulse	10.4.18
Flexense	Syncbreeze	10.4.18

Related Weaknesses (CWE)

CWE-20

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexThird Party Advisory

FAQ

What is CVE-2025-59895?

CVE-2025-59895 is a vulnerability with a CVSS score of 7.5 (HIGH). Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insuffi...

How severe is CVE-2025-59895?

CVE-2025-59895 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59895?

Check the references section above for vendor advisories and patch information. Affected products include: Flexense Diskpulse, Flexense Syncbreeze.