CSRF in Flexense Disk Pulse Enterprise
CVE-2025-59901
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.002 (8.8th percentile) — read the EPSS interpretation.
Affected products
- Flexense Disk Pulse Enterprise — versions v10.4.18
- Flexense Sync Breeze Enterprise Server — versions v10.4.18