CVE-2025-59028 in OX Dovecot Pro
Resumen (Inglés)
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Reservar
2025-09-08
Divulgación
2026-03-27
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 353846 | Open-Xchange OX Dovecot Pro autenticación débil | 287 | No está definido | Arreglo oficial | CVE-2025-59028 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV