CVE-2025-59895
Remote DoS in Sync Breeze and Disk Pulse via Config Restore
Publication date: 2026-01-28
Last updated on: 2026-02-10
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flexense | syncbreeze | 10.4.18 |
| flexense | diskpulse | 10.4.18 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18, where the configuration restore functionality does not properly validate user-supplied data. An attacker can exploit this by sending malicious requests that alter the configuration file, causing the application to become unresponsive. The corrupted configuration can prevent the service from restarting, even manually, potentially requiring a complete reinstallation.
How can this vulnerability impact me?
The vulnerability can cause a remote denial-of-service (DoS) condition, making the affected application unresponsive. In a successful attack, the service may fail to recover and require a full reinstallation, leading to downtime and potential disruption of business operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using the configuration restore functionality until a patch or update is available. Monitor the application for signs of unresponsiveness caused by corrupted configuration files. If the service becomes unresponsive, a complete reinstallation may be required to restore functionality.