Full Disclosure: Dovecot CVE-2025-30189: Auth cache causes access to wrong account

A security vulnerability in Dovecot IMAP Server versions 2.4.0 and 2.4.1 causes incorrect caching of authentication lookups, potentially leading to login issues, including access to the wrong account. The issue has been fixed in version 2.4.2, and disabling the auth cache is a temporary workaround.

Key points

  • The vulnerability affects Dovecot IMAP Server versions 2.4.0 and 2.4.1.
  • It involves improper caching of authentication lookups when using specific passdb configurations.
  • The issue has been assigned CVE-2025-30189 and has a CVSS score of 7.4.
  • Disabling the auth cache by setting auth_cache_size=0 can serve as a temporary workaround.
  • The fix is available in Dovecot version 2.4.2, with a patch provided by the vendor.
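
A host can be checked against the two conditions above (affected version, auth cache enabled) with a short script. This is an added example, not part of the advisory or of Dovecot; it assumes `dovecot --version` and `doveconf -h auth_cache_size` are available on the host, and the function names, result labels and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host for CVE-2025-30189 from its Dovecot
# version string and its auth_cache_size value.

# Succeeds only for the versions the advisory lists as affected.
is_affected_version() {
    # Keep the leading x.y.z, e.g. "2.4.1-4 (abcdef0)" -> "2.4.1" (constructed sample)
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case "$v" in
        2.4.0|2.4.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Succeeds only when the value is clearly zero ("0", "0M", "0 B").
# An empty or unparsable value is NOT treated as disabled.
cache_disabled() {
    n=$(printf '%s' "$1" | tr -d '[:space:]' | sed 's/[A-Za-z]*$//')
    case "$n" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a plain number
        *[1-9]*)     return 1 ;;   # non-zero size: cache is on
    esac
    return 0
}

# Prints one of three labels (hypothetical names chosen for this example).
classify() {
    if ! is_affected_version "$1"; then
        echo "not-affected-version"
    elif cache_disabled "$2"; then
        echo "affected-version-workaround-active"   # still upgrade to 2.4.2
    else
        echo "affected-version-cache-enabled"       # set auth_cache_size=0 or upgrade
    fi
}

# Run against the local install only when the Dovecot tools are present.
if command -v dovecot >/dev/null 2>&1 && command -v doveconf >/dev/null 2>&1; then
    classify "$(dovecot --version)" "$(doveconf -h auth_cache_size 2>/dev/null)"
fi
```

The result "affected-version-cache-enabled" means both conditions are present; whether the host is actually exposed still depends on the passdb configuration, which this script does not inspect.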

Read More: https://seclists.org/fulldisclosure/2025/Oct/29