4.3

CVE-2025-59031

EPSS 0.02%
Veröffentlicht 27.03.2026 08:10:15
Zuletzt bearbeitet 29.04.2026 19:13:14
Quelle security@open-xchange.com
CVE-Watchlists
Login
Unerledigt
Login

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dovecot ≫ Dovecot Version < 2.4.3

Open-xchange ≫ Dovecot SwEditionpro Version < 2.3.22.1

Open-xchange ≫ Dovecot SwEditionpro Version >= 3.0.0 < 3.1.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@open-xchange.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59031

EUVD