PT-2025-54918 · Fts Tika+3
Published 2025-01-01 · Updated 2026-04-16
CVE-2025-59031
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dovecot versions prior to 2.4.3
Description
Dovecot includes a script for converting attachments to text, and this script handles zip-style attachments unsafely during the attachment-to-text conversion process. An attacker could use specially crafted OOXML documents to cause unintended files on the system to be indexed, potentially leading to their inclusion in Full-Text Search (FTS) indexes. No publicly available exploits are known at this time.
Recommendations
Do not use the provided script for attachment-to-text conversion. Instead, use an alternative solution such as FTS tika.
Fix
Information Disclosure
Affected Products
Dovecot
Fts Tika
Linuxmint
Ubuntu