Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-59031

Опубликовано: 27 мар. 2026
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 4.3

Описание

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

РелизСтатусПримечание
devel

pending

1:2.4.2+dfsg1-3ubuntu2
esm-infra-legacy/trusty

needed

esm-infra/bionic

needed

esm-infra/focal

needed

esm-infra/xenial

needed

jammy

released

1:2.3.16+dfsg1-3ubuntu2.7
noble

released

1:2.3.21+dfsg1-2ubuntu6.3
questing

released

1:2.4.1+dfsg1-5ubuntu4.1
upstream

released

2.4.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 9%
0.0003
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2025-59031

CVSS3: 4.3
redhat
11 дней назад

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

nvd логотип

CVE-2025-59031

CVSS3: 4.3
nvd
11 дней назад

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

debian логотип

CVE-2025-59031

CVSS3: 4.3
debian
11 дней назад

Dovecot has provided a script to use for attachment to text conversion ...

github логотип

GHSA-7r6x-855q-h59r

CVSS3: 4.3
github
11 дней назад

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

EPSS

Процентиль: 9%
0.0003
Низкий

4.3 Medium

CVSS3