CVE-2025-59028
Received Received - Intake
Denial of Service via Invalid Base64 in Open-Xchange SASL Authentication

Publication date: 2026-03-27

Last updated on: 2026-04-30

Assigner: Open-Xchange

Description
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59028
EUVD
EUVD-2025-209088
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dovecot dovecot to 2.4.3 (exc)
open-xchange dovecot to 3.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when invalid base64 SASL data is sent during the login process, causing the authentication server to disconnect the login attempt. This disconnection results in all active authentication sessions failing.

An attacker can exploit this by sending invalid BASE64 data to perform a denial-of-service (DoS) attack on a vulnerable server, effectively breaking concurrent logins.

Impact Analysis

The main impact of this vulnerability is a denial-of-service condition where all active authentication sessions fail due to the server disconnecting login processes when invalid base64 SASL data is received.

This can disrupt user access and service availability, especially in environments with concurrent logins.

Mitigation involves installing a fixed version or disabling concurrency in login processes, though the latter may cause a significant performance penalty in large deployments.

Mitigation Strategies

To mitigate this vulnerability, you should install the fixed version of the affected software.

Alternatively, you can disable concurrency in login processes, but be aware this may cause a heavy performance penalty on large deployments.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59028. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart