CVE-2025-59895
Unknown Unknown - Not Provided

Remote DoS in Sync Breeze and Disk Pulse via Config Restore

Vulnerability report for CVE-2025-59895, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-28

Last updated on: 2026-02-10

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-28
Last Modified
2026-02-10
Generated
2026-07-06
AI Q&A
2026-01-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
flexense syncbreeze 10.4.18
flexense diskpulse 10.4.18

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18, where the configuration restore functionality does not properly validate user-supplied data. An attacker can exploit this by sending malicious requests that alter the configuration file, causing the application to become unresponsive. The corrupted configuration can prevent the service from restarting, even manually, potentially requiring a complete reinstallation.

Impact Analysis

The vulnerability can cause a remote denial-of-service (DoS) condition, making the affected application unresponsive. In a successful attack, the service may fail to recover and require a full reinstallation, leading to downtime and potential disruption of business operations.

Mitigation Strategies

To mitigate this vulnerability, avoid using the configuration restore functionality until a patch or update is available. Monitor the application for signs of unresponsiveness caused by corrupted configuration files. If the service becomes unresponsive, a complete reinstallation may be required to restore functionality.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59895. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart