cvedb.io
CVE-2025-59028
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-03-27T09:16:18.620 · Last modified 2026-06-17T09:45:27.700

Summary

When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid base64 data can be used to DoS a vulnerable server and break concurrent logins. Install a fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.

Affected products

dovecot — dovecot

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.