PT-2025-54919 · Dovecot+3

Published: 2025-01-01 · Updated: 2026-05-19 · CVE-2025-59032

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3

Description: A flaw exists in the ManageSieve AUTHENTICATE command that causes the service to crash when a literal value is used as the SASL initial response. This can lead to repeated crashes, resulting in a denial of service by making the ManageSieve service unavailable to other users. No publicly available exploits are known at this time.

Recommendations: Upgrade to version 2.4.3 or later. Restrict access to the ManageSieve port. Disable the ManageSieve service if it is not required.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2026:13498
ALSA-2026:13830
ALSA-2026:13857
ALSA-2026:19149
ALSA-2026:19364
CVE-2025-59032
OESA-2026-1849
OPENSUSE-SU-2026:10442-1
OPENSUSE-SU-2026:20554-1
RHSA-2026:13498
RHSA-2026:13830
RHSA-2026:13857
RHSA-2026:17602
RHSA-2026:17625
RHSA-2026:17626
RHSA-2026:17628
RHSA-2026:17630
RHSA-2026:18053
RHSA-2026:19149
RHSA-2026:19364
RHSA-2026:19453
RHSA-2026:19455
SUSE-SU-2026:21208-1
USN-8136-1

Affected Products

Dovecot
Linux Mint
Rocky Linux
Ubuntu