vulnerability

Debian: CVE-2025-59031: dovecot -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Apr 7, 2026	Apr 7, 2026	Apr 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Apr 7, 2026

Added

Apr 7, 2026

Modified

Apr 7, 2026

Description

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

Solution

debian-upgrade-dovecot

References

CVE-2025-59031
https://attackerkb.com/topics/CVE-2025-59031
CWE-200
DEBIAN-DSA-6197-1
EUVD-EUVD-2025-209090
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209090

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today