CVE-2025-59032

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

Vulnerability Details

Published Date

March 27, 2026

Last Modified

March 30, 2026

CWE ID

CWE-20

Source

NVD

Vendor

Open-Xchange GmbH

Product

OX Dovecot Pro

External References

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment