CVE-2025-59901
Unknown Unknown - Not Provided
Authenticated Reflected XSS in Disk Pulse Enterprise /monitor_directory Endpoint

Publication date: 2026-01-28

Last updated on: 2026-01-28

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-28
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59901
EUVD
EUVD-2025-206502
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
disk_pulse disk_pulse_enterprise 10.4.18
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authenticated reflected Cross-Site Scripting (XSS) issue in Disk Pulse Enterprise v10.4.18. It occurs in the '/monitor_directory?sid=' endpoint due to insufficient validation of the 'monitor_directory' parameter sent via POST. An attacker who is authenticated can exploit this by sending malicious content that is reflected back to an authenticated user, potentially allowing the attacker to steal information from the user's session.

Impact Analysis

The vulnerability can allow an attacker to execute malicious scripts in the context of an authenticated user's session. This can lead to theft of sensitive information such as session tokens, which may result in unauthorized access to the user's account or data compromise.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59901. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart