CVE-2025-59895 HIGH

CVE-2025-59895: Remote denial-of-service (DoS) vulnerability in Sync Breeze Enterprise Server

Vendor Flexense
Product Sync Breeze Enterprise Server
Weakness CWE-20 · Input validation
Published January 28, 2026
Last update January 28, 2026

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
January 28, 2026 Record updated