CNNVD-202510-4383 Information

CNNVD ID

CNNVD-202510-4383

Related CVE

CVE-2025-30189

• CNNVD Published: 2025-10-31

Description (Chinese)

Open-Xchange OX Dovecot Pro是德国Open-Xchange公司的一个邮件存储与投递系统。 Open-Xchange OX Dovecot Pro存在安全漏洞，该漏洞源于启用缓存时passdb或userdb驱动程序错误地使用相同缓存键缓存所有用户，导致后续登录错误使用缓存信息。

Description (English)

Open-Xchange OX Dovecot Pro is a mail storage and delivery system of the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security loophole, which results from the incorrect use of the same cache key for all users at the time the cache is enabled, or the userdb driver, resulting in the subsequent login error using the cache information.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Open-Xchange

Published

2025-10-31

Last Modified

2026-02-24

References

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2025/oxdc-adv-2025-0001.json http://seclists.org/fulldisclosure/2025/Oct/29 https://access.redhat.com/security/cve/cve-2025-30189

Patch

https://www.open-xchange.com/