PT-2025-54917 · Dovecot+2
Published 2025-01-01 · Updated 2026-04-30 · CVE-2025-59028
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Dovecot versions prior to 2.4.3
Description
Sending invalid base64 SASL data can disrupt the login process by disconnecting it from the authentication server, leading to the failure of all active authentication sessions. This can be used to cause a denial-of-service condition, breaking concurrent logins.
Recommendations
Install version 2.4.3 or disable concurrency in login processes.
Fix
DoS
RCE
Affected Products
Dovecot
Linuxmint
Ubuntu