Home

Description

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted passdb/userdb drivers. No publicly available exploits are known.

PUBLISHED Reserved 2025-03-18 | Published 2025-10-31 | Updated 2025-11-04 | Assigner OX




HIGH: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

Improper Preservation of Consistency Between Independent Representations of Shared State

Product status

Default status
unaffected

Any version
affected

References

seclists.org/fulldisclosure/2025/Oct/29

www.openwall.com/lists/oss-security/2025/10/29/4

documentation.open-xchange.com/...25/oxdc-adv-2025-0001.json vendor-advisory

cve.org (CVE-2025-30189)

nvd.nist.gov (CVE-2025-30189)

Download JSON