PT-2025-40955 · Dovecot+1 · Dovecot Imap Server+1
Published: 2025-10-05 · Updated: 2025-12-10 · CVE-2025-30189
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Dovecot IMAP Server versions 2.4.0 through 2.4.1
Description
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with the same cache key, leading to incorrect cached information being used. After a successful cached login, all subsequent logins are treated as the same user. This issue affects systems using oauth2 passdb, passwd passdb, userdb, or passwd userdb.
Recommendations
Upgrade to Dovecot IMAP Server version 2.4.2 or later.
Disable auth cache globally or for the impacted passdb/userdb drivers.
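The cache-key collision in the Description, and the effect of the second recommendation, shown in a simplified model. This is an added example, not Dovecot source code; `AuthCache`, `shared_key`, `per_user_key`, `cross_user_hits` and the sample users are hypothetical, and the flawed key is assumed to omit the username.

```python
# Simplified model of a passdb/userdb result cache. NOT Dovecot code.
# All names below are hypothetical and exist only for illustration.

# Constructed sample data standing in for a passdb/userdb backend.
BACKEND = {
    "alice": {"uid": 1001, "home": "/home/alice"},
    "bob": {"uid": 1002, "home": "/home/bob"},
}

def shared_key(driver, username):
    """Flawed (assumed form): the key ignores the user, so all users collide."""
    return driver

def per_user_key(driver, username):
    """Corrected: the key is scoped to the user being looked up."""
    return f"{driver}\x00{username}"

class AuthCache:
    def __init__(self, key_fn, enabled=True):
        self.key_fn = key_fn
        self.enabled = enabled      # False models "auth cache disabled"
        self.entries = {}

    def lookup(self, driver, username):
        """Return the account record the login is resolved to."""
        if not self.enabled:
            return BACKEND.get(username)        # always ask the backend
        key = self.key_fn(driver, username)
        if key not in self.entries:
            record = BACKEND.get(username)
            if record is None:
                return None
            self.entries[key] = record          # cache the successful lookup
        return self.entries[key]                # later hits skip the backend

def cross_user_hits(key_fn, enabled=True):
    """Look up every sample user in turn and report each one that was
    resolved to a record belonging to a different user."""
    cache = AuthCache(key_fn, enabled)
    wrong = []
    for name in BACKEND:
        record = cache.lookup("passwd", name)
        if record is not BACKEND[name]:
            wrong.append((name, record["home"]))
    return wrong

if __name__ == "__main__":
    print("shared key    :", cross_user_hits(shared_key))
    print("per-user key  :", cross_user_hits(per_user_key))
    print("cache disabled:", cross_user_hits(shared_key, enabled=False))
```

The same shape works as a regression check after upgrading or changing cache settings: authenticate as two distinct test accounts back to back and confirm each session resolves to its own identity.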
Affected Products
Dovecot Imap Server
Suse