CVE-2025-59045
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stalwartlabs | stalwart | 0.12.0 |
| stalwartlabs | stalwart | 0.13.2 |
| stalwartlabs | stalwart | 0.13.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59045 is a memory exhaustion vulnerability in the Stalwart mail and collaboration server's CalDAV implementation affecting versions 0.12.0 through 0.13.2. The flaw occurs in the ArchivedCalendarEventData.expand function, which processes CalDAV REPORT requests that expand recurring calendar events. When an authenticated attacker creates recurring events with large descriptions and requests their expansion, the server stores all expanded event instances in memory without limits. This unbounded memory consumption can reach up to 2 GB from a single request, causing the server to crash and resulting in a denial-of-service (DoS). The vulnerability was fixed in version 0.13.3 by limiting the number of recurrence expansions during calendar report processing. [1, 3]
How can this vulnerability impact me?
This vulnerability can allow an authenticated attacker to cause a denial-of-service (DoS) on the Stalwart server by exhausting its memory resources. By crafting recurring calendar events with large payloads and triggering their expansion via CalDAV REPORT requests, the attacker can consume excessive memory (up to 2 GB per request), leading to server crashes or severe performance degradation. This disrupts availability of the mail and collaboration services, potentially affecting all users relying on the server. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Stalwart server's memory usage for unusual spikes, especially while it processes CalDAV REPORT requests that expand recurring events. Look for high memory consumption triggered by authenticated users sending CalDAV REPORT requests that contain the `<C:expand>` element. Memory usage can be monitored with standard Linux tools such as `top`, `htop`, or `free -m`. Additionally, inspecting server logs for frequent or large CalDAV REPORT requests from authenticated users may help identify exploitation attempts, and rate limiting or logging CalDAV REPORT requests can also assist in detection. [1]
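The following script is an added detection example; it is not part of this page or of the Stalwart project. It inspects CalDAV REPORT bodies for the `<C:expand>` element defined in RFC 4791, measures the requested expansion window (a wide window lets a single recurring event unfold into many instances, which is what the server was materialising in memory), and flags users who send an unusual burst of expand REPORTs. The log events, user names, thresholds (366-day window, 5 expand REPORTs per minute) and the `calendar_query` body builder are all constructed for the example; the detector assumes you can feed it `(timestamp, user, request_body)` tuples from whatever request logging you have in front of the server.

```python
"""Heuristic detector for abusive CalDAV <C:expand> REPORT traffic (added example)."""
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta, timezone

CALDAV_NS = "urn:ietf:params:xml:ns:caldav"


def parse_caldav_time(value):
    """Parse an iCalendar UTC stamp such as 20250908T000000Z (RFC 4791 expand start/end)."""
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)


def expand_window_days(report_body):
    """Return the expansion window (days) requested by a CalDAV REPORT body.

    None  -> body is not XML or carries no <C:expand> element (nothing to expand).
    inf   -> <C:expand> present but its start/end bounds are missing or malformed;
             treated as the worst case so the request is still flagged.
    """
    try:
        root = ET.fromstring(report_body)
    except ET.ParseError:
        return None
    expand = root.find(f".//{{{CALDAV_NS}}}expand")
    if expand is None:
        return None
    try:
        start = parse_caldav_time(expand.get("start", ""))
        end = parse_caldav_time(expand.get("end", ""))
    except ValueError:
        return float("inf")
    return (end - start).total_seconds() / 86400


def flag_expand_abuse(events, max_window_days=366, max_per_minute=5):
    """Scan (timestamp, user, body) events and return [(user, reason), ...] findings.

    Two heuristics: an expand window wider than max_window_days, and more than
    max_per_minute expand REPORTs from one user within a sliding 60-second window.
    """
    findings = []
    recent = defaultdict(list)  # user -> timestamps of expand REPORTs in the last minute
    for ts, user, body in sorted(events, key=lambda e: e[0]):
        window = expand_window_days(body)
        if window is None:
            continue  # not an expand REPORT; irrelevant to this CVE
        if window > max_window_days:
            findings.append((user, f"expand window of {window:.0f} days exceeds {max_window_days}"))
        cutoff = ts - timedelta(minutes=1)
        recent[user] = [t for t in recent[user] if t > cutoff] + [ts]
        if len(recent[user]) == max_per_minute + 1:  # report once when the burst crosses the line
            findings.append((user, f"more than {max_per_minute} expand REPORTs in one minute"))
    return findings


def calendar_query(start=None, end=None):
    """Build a constructed calendar-query REPORT body in the RFC 4791 shape; expand is optional."""
    expand = f'<C:expand start="{start}" end="{end}"/>' if start else ""
    return (
        f'<C:calendar-query xmlns:D="DAV:" xmlns:C="{CALDAV_NS}">'
        f"<D:prop><C:calendar-data>{expand}</C:calendar-data></D:prop>"
        '<C:filter><C:comp-filter name="VCALENDAR"><C:comp-filter name="VEVENT"/>'
        "</C:comp-filter></C:filter></C:calendar-query>"
    )


# Constructed sample traffic (not real Stalwart logs): alice bursts six 7-day expands
# in 50 seconds, bob asks for a 10-year expansion, carol sends a plain query.
T0 = datetime(2025, 9, 10, 10, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    (T0 + timedelta(seconds=10 * i), "alice", calendar_query("20250908T000000Z", "20250915T000000Z"))
    for i in range(6)
] + [
    (T0 + timedelta(minutes=5), "bob", calendar_query("20200101T000000Z", "20300101T000000Z")),
    (T0 + timedelta(minutes=7), "carol", calendar_query()),
]

if __name__ == "__main__":
    for user, reason in flag_expand_abuse(SAMPLE_EVENTS):
        print(f"{user}: {reason}")
```

Both heuristics are signals, not proof: the CVE is triggered by recurring events with large descriptions, so a narrow window can still be expensive if the calendar itself is adversarial, which is why the memory monitoring above remains the primary indicator and the upgrade remains the fix.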
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Stalwart to version 0.13.3 or later, which contains a fix limiting recurrence expansions in CalDAV REPORT requests. If upgrading is not immediately possible, implement memory limits at the container or system level to prevent excessive memory consumption. Monitor server memory usage closely for spikes. Apply rate limiting to CalDAV REPORT requests to reduce the risk of abuse. Restrict CalDAV access to trusted users only to minimize exposure. These steps help reduce the risk of denial-of-service caused by unbounded memory consumption. [1, 2]
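As an added illustration of the "memory limits at the system level" step (this fragment is not from the page or from the Stalwart project), a systemd drop-in can cap the service's memory so a runaway expansion takes down the Stalwart process rather than the host. The unit name `stalwart-mail.service`, the drop-in path and the 2G/3G figures are assumptions chosen for the example; size them from your own server's normal footprint.

```ini
# /etc/systemd/system/stalwart-mail.service.d/memory.conf   (unit name and path assumed)
[Service]
# Soft limit: above this the kernel reclaims aggressively and the service slows down
MemoryHigh=2G
# Hard limit: the service is OOM-killed instead of exhausting the host
MemoryMax=3G
# Do not let swap quietly extend the cap
MemorySwapMax=0
```

After writing the file, run `systemctl daemon-reload` and restart the service. This only contains the blast radius; an authenticated user can still force a restart of the service until the upgrade to 0.13.3 removes the unbounded expansion.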