EUVD-2025-209092

CVE-2025-59032
Severity: HIGH (CVSS 3.1 base score 7.5)
Published: 2026-03-27
Vendor: OX
Aliases: GHSA-w2gj-cmfm-c4j4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector:        Network
Attack Complexity:    Low
Privileges Required:  None
User Interaction:     None
Scope:                Unchanged
Confidentiality:      None
Integrity:            None
Availability:         High

Lifecycle Timeline

Mar 31, 2026 - 13:49  Patch Released: patch available (source: nvd)
Mar 27, 2026 - 08:30  EUVD ID Assigned: EUVD-2025-209092 (source: euvd)
Mar 27, 2026 - 08:30  Analysis Generated (source: vuln.today)
Mar 27, 2026 - 08:10  CVE Published (source: nvd)

Description

The ManageSieve AUTHENTICATE command crashes when a literal is used as the SASL initial response. This can be used to crash the ManageSieve service repeatedly, making it unavailable to other users. Control access to the ManageSieve port, or disable the service if it is not needed; alternatively, upgrade to a fixed version. No publicly available exploits are known.

Analysis

The OX Dovecot Pro ManageSieve service crashes when processing AUTHENTICATE commands whose SASL initial response is sent in literal format, enabling unauthenticated remote attackers to crash the service repeatedly and deny availability to legitimate users (CVSS 7.5, High availability impact). The vulnerability affects OX Dovecot Pro installations with ManageSieve enabled. No public exploit was identified at the time of analysis, and no EPSS data was provided in the available intelligence.

Technical Context

The vulnerability resides in the ManageSieve protocol implementation within OX Dovecot Pro (CPE cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro). ManageSieve is an IETF protocol (RFC 5804) that allows users to manage server-side mail filtering rules (Sieve scripts). The flaw is classified as CWE-20 (Improper Input Validation), indicating the service fails to properly validate or handle literal syntax when used as a SASL (Simple Authentication and Security Layer) initial response during the AUTHENTICATE command sequence. This input validation failure causes the ManageSieve process to crash, requiring restart and disrupting service availability for all users attempting to manage their mail filters.

Affected Products

OX Dovecot Pro installations are affected, as confirmed via the CPE identifier cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro. The vulnerability specifically impacts deployments with the ManageSieve service enabled and network-accessible. Complete version range information was not provided in the available intelligence sources. The vendor, Open-Xchange GmbH, has published a security advisory in CSAF format at https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json, which should contain definitive affected-version details and product-specific guidance.

Remediation

Upgrade to the fixed version of OX Dovecot Pro as specified in the vendor security advisory at https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json. Until patching is possible, implement network-level access controls to restrict access to the ManageSieve port (typically TCP 4190) to trusted IP ranges or authenticated VPN connections only. Organizations that do not require server-side Sieve script management should disable the ManageSieve service entirely in the Dovecot configuration (set protocols to exclude managesieve). The vendor advisory references a patch per the CSAF document, though the exact fixed version number was not included in the analyzed intelligence feed.
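The following Dovecot configuration fragment is an added illustration of the two interim mitigations described above (restricting reachability and disabling the service); it is not part of the vendor advisory or of the Dovecot project's own documentation. It assumes the Pigeonhole ManageSieve plugin conventions, where the protocol is listed as sieve in the protocols setting and the listener belongs to the managesieve-login service; the bind address 127.0.0.1 is a constructed example to be replaced with whatever is trusted in a given deployment.

```conf
# Dovecot configuration fragment (added example, not from the advisory).
# Setting names follow the Pigeonhole ManageSieve plugin (assumption).

# --- Exposed configuration: ManageSieve started and listening on all
# interfaces, so the AUTHENTICATE handler is reachable from the network.
protocols = imap pop3 lmtp sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}

# --- Hardened, option A: the service is not needed at all.
# Remove "sieve" from protocols so the managesieve process is never started.
# (Use either option A or option B, not both.)
protocols = imap pop3 lmtp

# --- Hardened, option B: ManageSieve is required.
# Bind the listener only to a trusted address (constructed example) and
# restrict the port further with host or network firewall rules.
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1
    port = 4190
  }
}
```

After editing, `doveconf -n protocols` shows the effective protocol list and `doveadm reload` applies the change; confirming with `ss -ltn` that TCP 4190 is either absent or bound only to the intended address closes the loop on the mitigation.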

Priority Score

Priority Score: 38

KEV:  0
EPSS: +0.1
CVSS: +38
POC:  0

Vendor Status

Ubuntu (priority: Medium), package dovecot

Release    Status     Version
trusty     needed     -
xenial     needed     -
bionic     needed     -
focal      needed     -
jammy      needed     -
noble      needed     -
questing   needed     -
upstream   released   2.4.3

Debian, package dovecot

Release                         Status       Fixed Version                    Urgency
bullseye                        vulnerable   1:2.3.13+dfsg1-2+deb11u1         -
bullseye (security)             vulnerable   1:2.3.13+dfsg1-2+deb11u2         -
bookworm, bookworm (security)   vulnerable   1:2.3.19.1+dfsg1-2.1+deb12u1     -
trixie                          vulnerable   1:2.4.1+dfsg1-6+deb13u3          -
trixie (security)               vulnerable   1:2.4.1+dfsg1-6+deb13u1          -
forky, sid                      vulnerable   1:2.4.2+dfsg1-4                  -
(unstable)                      fixed        (unfixed)                        -
