vulnerability

Debian: CVE-2025-59032: dovecot -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Apr 7, 2026	Apr 7, 2026	Apr 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Apr 7, 2026

Added

Apr 7, 2026

Modified

Apr 7, 2026

Description

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

Solution

debian-upgrade-dovecot

References

CVE-2025-59032
https://attackerkb.com/topics/CVE-2025-59032
CWE-20
DEBIAN-DSA-6197-1
EUVD-EUVD-2025-209092
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209092

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today