CVE-2025-59032
HIGHOX Dovecot Pro < 2.4.0 and < 3.1.0 - Denial of Service via ManageSieve AUTHENTICATE Command
Title source: llmDescription
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.
References (18)
Core 18
Core References
Vendor Advisory vendor-advisory
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:13498
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:13830
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:13857
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:17602
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:17625
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:17626
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:17628
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:17630
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:18053
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19149
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19364
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19453
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19455
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:26564
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-59032
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2452172
Scores
CVSS v3
7.5
EPSS
0.0070
EPSS Percentile
49.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
CWE-229
Status
published
Products (4)
dovecot/dovecot
< 2.4.3
open-xchange/dovecot
< 3.1.3
Open-Xchange GmbH/OX Dovecot Pro
< 2.4.0
Open-Xchange GmbH/OX Dovecot Pro
< 3.1.0
Published
Mar 27, 2026
Tracked Since
Mar 27, 2026