CVE-2025-59028
EUVD-2025-209088
27.03.2026, 09:16
When a client sends invalid base64 SASL data, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid base64 data can be used to DoS a vulnerable server and break concurrent logins. Install a fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.
Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dovecot | dovecot | 𝑥 < 2.4.3 |
| open-xchange | dovecot | 𝑥 < 3.1.2 |
𝑥 = Vulnerable software versions
Debian Releases
| Debian Product |
|---|
| dovecot |