PT-2025-54919 · Dovecot+3 · Dovecot+3

Published: 2025-01-01 · Updated: 2026-05-19 · CVE-2025-59032

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Dovecot versions prior to 2.4.3

Description

A flaw exists in the ManageSieve AUTHENTICATE command that causes the service to crash when a literal value is used as the SASL initial response. This can lead to repeated crashes, resulting in a denial of service by making the ManageSieve service unavailable to other users. No publicly available exploits are known at this time.

Recommendations

Upgrade to version 2.4.3 or later. Restrict access to the ManageSieve port. Disable the ManageSieve service if it is not required.

Fix

RCE


Weakness Enumeration

Related identifiers

ALSA-2026:13498
ALSA-2026:13830
ALSA-2026:13857
ALSA-2026:19149
ALSA-2026:19364
CVE-2025-59032
OESA-2026-1849
OPENSUSE-SU-2026:10442-1
OPENSUSE-SU-2026:20554-1
RHSA-2026:13498
RHSA-2026:13830
RHSA-2026:13857
RHSA-2026:17602
RHSA-2026:17625
RHSA-2026:17626
RHSA-2026:17628
RHSA-2026:17630
RHSA-2026:18053
RHSA-2026:19149
RHSA-2026:19364
RHSA-2026:19453
RHSA-2026:19455
SUSE-SU-2026:21208-1
USN-8136-1

Affected products

Dovecot
Linuxmint
Rocky Linux
Ubuntu