What is CVE-2025-59032?

CVE-2025-59032 is a high-severity vulnerability in Dovecot, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2026-03-27.

How severe is CVE-2025-59032?

High severity. CVSS v3 base score is 7.5 out of 10.

Improper input validation in Dovecot

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the servi…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Dovecot
Open-xchange Dovecot
Open-xchange Gmbh Ox Dovecot Pro — versions 0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security@open-xchange.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2025-59032?: CVE-2025-59032 is a high-severity vulnerability in Dovecot, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2026-03-27.
How severe is CVE-2025-59032?: High severity. CVSS v3 base score is 7.5 out of 10.