What is CVE-2025-30189?

CVE-2025-30189 is a high-severity vulnerability in Open-xchange Gmbh Ox Dovecot Pro, classified under CWE-1250. CVSS score: 7.4/10. Published 2025-10-31.

How severe is CVE-2025-30189?

High severity. CVSS v3 base score is 7.4 out of 10.

Is CVE-2025-30189 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Open-xchange Gmbh Ox Dovecot Pro

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed vers…

EPSS: 0.006 (41.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Open-xchange Gmbh Ox Dovecot Pro — versions 0

Weakness classification (CWE)

CWE-1250

Public proof-of-concept exploits

w4zu/Debian_

References

security@open-xchange.com (vendor-advisory)
af854a3a-2127-422b-91ae-364da2661108
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2025-30189?: CVE-2025-30189 is a high-severity vulnerability in Open-xchange Gmbh Ox Dovecot Pro, classified under CWE-1250. CVSS score: 7.4/10. Published 2025-10-31.
How severe is CVE-2025-30189?: High severity. CVSS v3 base score is 7.4 out of 10.
Is CVE-2025-30189 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.