CVE-2025-59032 — HIGH (7.5)

Q: How severe is CVE-2025-59032?

CVE-2025-59032 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59032?

Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot, Open-Xchange Dovecot.

Vulnerability Description

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dovecot	Dovecot	< 2.4.3
Open-Xchange	Dovecot	< 3.1.3

Related Weaknesses (CWE)

CWE-20

References

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdVendor Advisory

FAQ

What is CVE-2025-59032?

CVE-2025-59032 is a vulnerability with a CVSS score of 7.5 (HIGH). ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to...

How severe is CVE-2025-59032?

CVE-2025-59032 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59032?

Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot, Open-Xchange Dovecot.