CVE-2025-30189
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted passdb/userdb drivers. No publicly available exploits are known.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Open-Xchange GmbH | OX Dovecot Pro | 0 <= 3.1.0 | affected |
| Open-Xchange GmbH | OX Dovecot Pro | 0 <= 2.4.0 | affected |
Weaknesses
- CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2025/Oct/29
- http://www.openwall.com/lists/oss-security/2025/10/29/4
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.