CVE-2025-30189_CVE-2025-30189

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted passdb/userdb drivers. No publicly available exploits are known.

Basic Information

ID CVE-2025-30189

Source OX

Published Oct 31, 2025 at 09:02

Modified Oct 31, 2025 at 09:17

Affected Product

Vendor Open-Xchange GmbH

Product OX Dovecot Pro

Affected Versions Open-Xchange GmbH OX Dovecot Pro 0

References

documentation.open-xchange.com /dovecot/security/advisories/csaf/2025/oxdc-adv-2025-0001.json

{
    "lastseen": "",
    "description": "When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted passdb/userdb drivers. No publicly available exploits are known.",
    "published": "2025-10-31T09:02:33.273Z",
    "modified": "2025-10-31T09:17:03.236Z",
    "type": "cve",
    "title": "CVE-2025-30189",
    "source": "OX",
    "references": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2025/oxdc-adv-2025-0001.json",
    "id": "CVE-2025-30189",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Open-Xchange GmbH OX Dovecot Pro 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OX Dovecot Pro",
    "version": "0",
    "vendor": "Open-Xchange GmbH",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply