CVE-2025-59032 — Vulnetix

CVE-2025-59032 PUBLISHED CVSS 7.5 HIGH

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

EPSS 0.07% · 21.1th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.07%

21.1th percentile

Affected Products

Vendor	Product	Versions
Open-Xchange GmbH	OX Dovecot Pro	0, 0, 0

Exploit Intelligence

CIRCL seen: CVE-2025-59032 (circl-sighting)
CIRCL seen: CVE-2025-59032 (circl-sighting)
CIRCL seen: CVE-2025-59032 (circl-sighting)
CIRCL seen: CVE-2025-59032 (circl-sighting)
CIRCL seen: CVE-2025-59032 (circl-sighting)
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json (circl)

Timeline

Mar 27, 2026 Coalition ESS Score
Mar 27, 2026 CVE Published
Mar 27, 2026 PoC Published
Mar 27, 2026 PoC Published
Mar 27, 2026 PoC Published
Mar 27, 2026 PoC Published
Mar 29, 2026 Security Advisory
Apr 7, 2026 PoC Published
Apr 30, 2026 CVE Updated
May 5, 2026 Distribution Patch
May 5, 2026 Security Advisory
May 6, 2026 Distribution Patch

References

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-59032 advisory

Open in Interactive Console →