ManageSieve AUTHENTICATE Command Denial-of-Service Vulnerability (CVE-2025-59032)
CVE-2025-59032 describes a vulnerability in ManageSieve's AUTHENTICATE command, where using a literal as a SASL initial response can crash the ManageSieve service, leading to a denial-of-service condition.
CVE-2025-59032 is a denial-of-service vulnerability affecting ManageSieve services. The vulnerability occurs within the AUTHENTICATE command when processing a literal as the SASL initial response. An attacker can exploit this vulnerability by sending crafted requests that trigger a crash in the ManageSieve service. This can be done repeatedly, rendering the service unavailable to legitimate users. The vulnerability was reported to Open-Xchange and affects Dovecot-based ManageSieve…
Detection coverage (2)
Detect ManageSieve Service Crashes
Severity: medium. Detects repeated crashes of the ManageSieve service, potentially indicating exploitation of CVE-2025-59032.
Detect ManageSieve Connections from Unusual Locations
Severity: low. Detects connections to the ManageSieve port (4190) from unusual or unexpected IP addresses, which could indicate malicious activity.
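A sketch of the first detection above (repeated ManageSieve crashes), as an added example that is not the platform's rule or Dovecot project code. It assumes chronologically ordered log lines that start with an ISO-8601 timestamp and carry Dovecot's master-process "child N killed with signal M" message; the threshold, the window and the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumption: each line starts with an ISO-8601 timestamp and contains Dovecot's
# master-process report of a managesieve service child dying from a signal.
CRASH_RE = re.compile(
    r"^(?P<ts>\S+) .*service\((?P<svc>managesieve(?:-login)?)\): "
    r"child (?P<pid>\d+) killed with signal (?P<sig>\d+)"
)

def find_crash_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per burst of >= threshold crashes inside `window`.

    Lines must be in chronological order; threshold and window are assumed values.
    """
    recent, alerts, alerting = deque(), [], False
    for line in lines:
        m = CRASH_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        recent.append((ts, int(m["sig"])))
        while ts - recent[0][0] > window:   # drop crashes older than the window
            recent.popleft()
        if len(recent) < threshold:
            alerting = False                # burst is over, re-arm
        elif not alerting:                  # alert once per burst, not per crash
            alerting = True
            alerts.append({
                "first": recent[0][0].isoformat(),
                "last": ts.isoformat(),
                "count": len(recent),
                "signals": [sig for _, sig in recent],
            })
    return alerts

_PREFIX = "mx1 dovecot: managesieve-login: Fatal: master: service(managesieve-login): "
# Constructed sample lines, not taken from a real incident.
SAMPLE_LOG = [
    "2025-01-01T10:00:05 " + _PREFIX + "child 4101 killed with signal 11 (core dumps disabled)",
    "2025-01-01T10:00:09 mx1 dovecot: imap-login: Login: user=<alice>, rip=192.0.2.10",
    "2025-01-01T10:01:12 " + _PREFIX + "child 4107 killed with signal 11 (core dumps disabled)",
    "2025-01-01T10:02:30 " + _PREFIX + "child 4112 killed with signal 6 (core dumps disabled)",
    "2025-01-01T10:03:01 " + _PREFIX + "child 4120 killed with signal 11 (core dumps disabled)",
    "2025-01-01T11:30:00 " + _PREFIX + "child 4500 killed with signal 11 (core dumps disabled)",
]

if __name__ == "__main__":
    for alert in find_crash_bursts(SAMPLE_LOG):
        print(alert)
```

The fourth crash extends the same burst and does not raise a second alert, and the isolated crash at 11:30 stays below the threshold.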