CVE-2025-59028 in Open-Xchange OX Dovecot Pro
摘要 (英语)
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.
预定
2025-09-08
披露
2026-03-27
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 353846 | Open-Xchange OX Dovecot Pro 弱身份验证 | 287 | 未定义 | 官方修复 | CVE-2025-59028 |