#VU124723 Information disclosure in Dovecot and OX Dovecot Pro - CVE-2025-59031

 

Published: April 1, 2026


Vulnerability identifier: #VU124723
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-59031
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Dovecot, OX Dovecot Pro
Software vendor: Dovecot

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper input validation in the decode2text.sh script when parsing OOXML attachments during indexing. A remote attacker can send a specially crafted OOXML document containing symlinks to disclose sensitive information.

The attacker must be able to upload email attachments that are processed by the indexing system.
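The following is an added example, not code from this advisory, from Dovecot or from the vendor's fix. OOXML documents are ZIP containers, and a ZIP entry can carry a Unix file mode that marks it as a symlink, so a pre-indexing check can refuse such attachments before anything is extracted. The function names and the in-memory sample documents are constructed for illustration.

```python
import io
import stat
import zipfile


def find_symlink_entries(data: bytes) -> list[str]:
    """Return names of ZIP members whose stored Unix mode marks them as symlinks."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # The upper 16 bits of external_attr hold the Unix st_mode, if any.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                flagged.append(info.filename)
    return flagged


def safe_to_index(data: bytes) -> bool:
    """Refuse attachments that are not valid ZIP data or contain symlink entries."""
    try:
        return not find_symlink_entries(data)
    except zipfile.BadZipFile:
        return False


def build_sample(with_symlink: bool) -> bytes:
    """Constructed OOXML-like sample, built in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_symlink:
            link = zipfile.ZipInfo("word/media/image1.png")
            link.create_system = 3  # entry written with Unix attributes
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "constructed-target")  # placeholder link target
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample(False)),
                       ("symlink", build_sample(True))):
        print(label, safe_to_index(doc), find_symlink_entries(doc))
```

A check like this complements the vendor update and does not replace it.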


Remediation

Install the security update from the vendor's website.
