Medium severity 5.3 · NVD Advisory · Published Mar 27, 2026 · Updated Apr 30, 2026
CVE-2025-59028
Description
When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid base64 data can be used to DoS a vulnerable server to break concurrent logins. Install a fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.
Affected products
- cpe:2.3:a:open-xchange:dovecot:*:*:*:*:pro:*:*:* range: <3.1.2
- (no CPE)
- osv-coords (4 versions):
  - pkg:rpm/opensuse/dovecot24&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/opensuse/dovecot24&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/dovecot24&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/dovecot24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 2.4.3-160000.1.1
- (no CPE) range: < 2.4.3-1.1
- (no CPE) range: < 2.4.3-160000.1.1
- (no CPE) range: < 2.4.3-160000.1.1
Patches
Vulnerability mechanics
References