CVE-2025-59895
Unknown Unknown - Not Provided
Remote DoS in Sync Breeze and Disk Pulse via Config Restore

Publication date: 2026-01-28

Last updated on: 2026-02-10

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-28
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59895
EUVD
EUVD-2025-206494
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
flexense syncbreeze 10.4.18
flexense diskpulse 10.4.18
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18, where the configuration restore functionality does not properly validate user-supplied data. An attacker can exploit this by sending malicious requests that alter the configuration file, causing the application to become unresponsive. The corrupted configuration can prevent the service from restarting, even manually, potentially requiring a complete reinstallation.

Impact Analysis

The vulnerability can cause a remote denial-of-service (DoS) condition, making the affected application unresponsive. In a successful attack, the service may fail to recover and require a full reinstallation, leading to downtime and potential disruption of business operations.

Mitigation Strategies

To mitigate this vulnerability, avoid using the configuration restore functionality until a patch or update is available. Monitor the application for signs of unresponsiveness caused by corrupted configuration files. If the service becomes unresponsive, a complete reinstallation may be required to restore functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59895. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart