CVE-2025-59031 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-59031

Analyzed

More Info Official Page

Source-security@open-xchange.com

Published At-27 Mar, 2026 | 09:16

Updated At-29 Apr, 2026 | 19:13

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CPE Matches

>>dovecot>>Versions before 2.4.3(exclusive)

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

Open-Xchange AG

>>dovecot>>Versions before 2.3.22.1(exclusive)

cpe:2.3:a:open-xchange:dovecot:*:*:*:*:pro:*:*:*

Open-Xchange AG

>>dovecot>>Versions from 3.0.0(inclusive) to 3.1.3(exclusive)

cpe:2.3:a:open-xchange:dovecot:*:*:*:*:pro:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	security@open-xchange.com

CWE ID: CWE-200

Type: Secondary

Source: security@open-xchange.com

References

Hyperlink	Source	Resource
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json	security@open-xchange.com	Vendor Advisory

Hyperlink: https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

Source: security@open-xchange.com

Resource:

Vendor Advisory