CVE-2025-59032
HIGHOX Dovecot Pro < 2.4.0 and < 3.1.0 - Denial of Service via ManageSieve AUTHENTICATE Command
Title source: llmDescription
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json
Scores
CVSS v3
7.5
EPSS
0.0008
EPSS Percentile
23.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (4)
dovecot/dovecot
< 2.4.3
open-xchange/dovecot
< 3.1.3
Open-Xchange GmbH/OX Dovecot Pro
< 2.4.0
Open-Xchange GmbH/OX Dovecot Pro
< 3.1.0
Published
Mar 27, 2026
Tracked Since
Mar 27, 2026