CVE-2025-59031 | THREATINT

Description

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

PUBLISHED Reserved 2025-09-08 | Published 2026-03-27 | Updated 2026-03-27 | Assigner OX

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

Any version

affected

References

documentation.open-xchange.com/...26/oxdc-adv-2026-0001.json vendor-advisory

cve.org (CVE-2025-59031)

nvd.nist.gov (CVE-2025-59031)

Download JSON