Memory Exhaustion Vulnerability in Stalwart Mail and Collaboration Server
CVE-2025-59045

7.1HIGH

Key Information:

Vendor

Stalwartlabs

Status
Stalwart
Vendor
CVE Published:
10 September 2025

What is CVE-2025-59045?

A memory exhaustion flaw has been identified in Stalwart's CalDAV implementation, affecting versions prior to 0.13.3. This vulnerability allows authenticated users to exploit the system by creating recurring events with extensive payloads, causing excessive memory consumption and potentially leading to a denial-of-service condition. When the server receives requests to expand these events, it fails to enforce limits on memory allocation, which can result in significant usage spikes. It is crucial for users on affected versions to upgrade to 0.13.3 or implement mitigation strategies, such as memory limits and rate limiting for CalDAV requests, to secure the server.

Affected Version(s)

stalwart >= 0.12.0, < 0.13.3

References

https://github.com/stalwartlabs/stalwart/security/advisor...
x_refsource_CONFIRM
https://github.com/stalwartlabs/stalwart/commit/15762fba2...
x_refsource_MISC
https://github.com/stalwartlabs/stalwart/blob/main/CHANGE...
x_refsource_MISC

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-59045 : Memory Exhaustion Vulnerability in Stalwart Mail and Collaboration Server