PT-2025-40430 · Stalwart · Stalwart

B0-N0-B0

Published: 2025-10-02 · Updated: 2025-10-07

CVE-2025-61600

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Stalwart versions 0.13.3 and below
Description: Stalwart, a mail and collaboration server, has an issue where the IMAP protocol parser can allocate an unlimited amount of memory. This allows a remote attacker to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation generally limits the size of its dynamic buffer during parsing, but some state handlers do not perform these validation checks, so input consumed in those states is not bounded.
Recommendations: Update to version 0.13.4 or later. As a workaround, implement rate limiting and connection monitoring at the network level.
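The defensive pattern the fix calls for is that every parser state, not just some, routes buffer growth through one size check, and that a literal's declared size is validated before its bytes are read. The following is an added illustration, not Stalwart's CommandParser; the state names, the cap and the simplified IMAP syntax (no escapes, no continuation response) are assumptions.

```rust
// Added example, not Stalwart's code: a minimal IMAP-style command reader that routes
// every state's buffer growth through one capped push(), so no state grows memory unbounded.
#[derive(Debug, PartialEq)]
pub enum ParseError { TooLarge, Incomplete, BadLiteral }
#[derive(Clone, Copy)]
enum State { Atom, Quoted, Literal(usize) }
pub struct BoundedCommandParser { buf: Vec<u8>, max_bytes: usize }

impl BoundedCommandParser {
    pub fn new(max_bytes: usize) -> Self { Self { buf: Vec::new(), max_bytes } }

    // Single choke point for growth: every state appends through here.
    fn push(&mut self, b: u8) -> Result<(), ParseError> {
        if self.buf.len() >= self.max_bytes { return Err(ParseError::TooLarge); }
        self.buf.push(b);
        Ok(())
    }

    // Parse a literal prefix "{N}\r\n" at input[i] == b'{'; N is checked against the
    // remaining capacity before a single literal byte is read. Returns (N, next index).
    fn literal_prefix(&self, input: &[u8], i: usize) -> Result<(usize, usize), ParseError> {
        let close = i + input[i..].iter().position(|&b| b == b'}').ok_or(ParseError::Incomplete)?;
        let n: usize = std::str::from_utf8(&input[i + 1..close]).ok()
            .and_then(|s| s.parse().ok()).ok_or(ParseError::BadLiteral)?;
        if !input[close + 1..].starts_with(b"\r\n") { return Err(ParseError::BadLiteral); }
        if n > self.max_bytes - self.buf.len() { return Err(ParseError::TooLarge); }
        Ok((n, close + 3))
    }

    // Consume one command line (ending in CRLF); returns its bytes or an error.
    pub fn parse(&mut self, input: &[u8]) -> Result<Vec<u8>, ParseError> {
        let (mut state, mut i) = (State::Atom, 0);
        while i < input.len() {
            let b = input[i];
            match state {
                // Literal bytes are taken raw, but still go through the capped push().
                State::Literal(left) => {
                    self.push(b)?;
                    state = if left > 1 { State::Literal(left - 1) } else { State::Atom };
                }
                State::Quoted => { self.push(b)?; if b == b'"' { state = State::Atom; } }
                State::Atom if input[i..].starts_with(b"\r\n") => return Ok(std::mem::take(&mut self.buf)),
                State::Atom if b == b'{' => {
                    let (n, next) = self.literal_prefix(input, i)?;
                    state = if n == 0 { State::Atom } else { State::Literal(n) };
                    i = next; continue;
                }
                State::Atom => { self.push(b)?; if b == b'"' { state = State::Quoted; } }
            }
            i += 1;
        }
        Err(ParseError::Incomplete)
    }
}
```

A parser is only as bounded as its least-checked state; an audit of a state machine like this one should confirm that no arm appends to the buffer by any path other than the capped one.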

Categories: DoS, Resource Exhaustion

Weakness Enumeration: none listed

Related Identifiers: CVE-2025-61600, GHSA-8JQJ-QJ5P-V5RR

Affected Products: Stalwart