
CVE-2025-59045: CWE-770: Allocation of Resources Without Limits or Throttling in stalwartlabs stalwart

Severity: High
Type: Vulnerability
Tags: cve-2025-59045, cwe-770
Published: Wed Sep 10 2025 (09/10/2025, 16:09:49 UTC)
Source: CVE Database V5
Vendor/Project: stalwartlabs
Product: stalwart

Description

Stalwart is a mail and collaboration server. Starting in version 0.12.0 and prior to version 0.13.3, a memory exhaustion vulnerability exists in Stalwart's CalDAV implementation that allows authenticated attackers to cause denial-of-service by triggering unbounded memory consumption through recurring event expansion. An authenticated attacker can crash the Stalwart server by creating recurring events with large payloads and triggering their expansion through CalDAV REPORT requests. A single malicious request expanding 300 events with 1000-character descriptions can consume up to 2 GB of memory. The vulnerability exists in the `ArchivedCalendarEventData.expand` function, which processes CalDAV `REPORT` requests with event expansion. When a client requests recurring events in their expanded form using the `<C:expand>` element, the server stores all expanded event instances in memory without enforcing size limits. Users should upgrade to Stalwart version 0.13.3 or later to receive a fix. If immediate upgrading is not possible, implement memory limits at the container/system level; monitor server memory usage for unusual spikes; consider rate limiting CalDAV REPORT requests; and restrict CalDAV access to trusted users only.

AI-Powered Analysis

Last updated: 09/18/2025, 00:46:10 UTC

Technical Analysis

CVE-2025-59045 is a high-severity memory exhaustion vulnerability affecting the Stalwart mail and collaboration server, specifically in versions from 0.12.0 up to but not including 0.13.3. The flaw resides in the CalDAV implementation's handling of recurring event expansions within the ArchivedCalendarEventData.expand function. When a client issues a CalDAV REPORT request with the <C:expand> element to retrieve recurring events in their expanded form, the server processes and stores all expanded event instances in memory without imposing any limits on the size or number of these expansions. An authenticated attacker can exploit this by creating recurring calendar events with large payloads—such as descriptions of 1000 characters—and then triggering their expansion. For example, expanding 300 such events can consume approximately 2 GB of memory, leading to server resource exhaustion and a denial-of-service (DoS) condition. This vulnerability requires attacker authentication but no user interaction or elevated privileges beyond authenticated access. The root cause is CWE-770: Allocation of Resources Without Limits or Throttling, which allows unbounded memory consumption. No known exploits are currently reported in the wild. The vendor has addressed this issue in Stalwart version 0.13.3 and later.
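As an added illustration (not Stalwart's code and not its actual fix), the following Rust sketch contrasts the unbounded expansion pattern described above with one that enforces per-request instance and byte budgets before each allocation; the `RecurringEvent`, `ExpandLimits` types and the fixed-interval recurrence model are simplifications assumed for this example.

```rust
// Added illustration of the CWE-770 pattern in CVE-2025-59045 and one way to bound it.
// Simplified model, not Stalwart's ArchivedCalendarEventData::expand.
/// Recurring event reduced to a start time, a fixed interval and its description payload.
pub struct RecurringEvent {
    pub start: i64,          // seconds since epoch
    pub interval_secs: i64,  // spacing between occurrences; <= 0 means a single occurrence
    pub description: String, // copied into every expanded instance
}
/// One expanded occurrence, as a REPORT response with <C:expand> would list it.
pub struct Instance { pub at: i64, pub description: String }
/// Caps applied to a whole expansion request (all events in the REPORT together).
pub struct ExpandLimits { pub max_instances: usize, pub max_bytes: usize }
#[derive(Debug, PartialEq)]
pub enum ExpandError { TooManyInstances(usize), ByteBudgetExceeded(usize) }

/// Vulnerable shape: every occurrence in `range` is materialised; total size is client-chosen.
pub fn expand_unbounded(ev: &RecurringEvent, range: (i64, i64)) -> Vec<Instance> {
    let mut out: Vec<Instance> = Vec::new();
    let mut t = ev.start;
    while t < range.1 {
        if t >= range.0 { out.push(Instance { at: t, description: ev.description.clone() }); }
        if ev.interval_secs <= 0 { break; }
        t += ev.interval_secs;
    }
    out
}

/// Hardened shape: count and byte budgets are checked before each allocation; the whole
/// request is rejected once either is exceeded instead of growing without bound.
pub fn expand_bounded(events: &[RecurringEvent], range: (i64, i64), limits: &ExpandLimits)
    -> Result<Vec<Instance>, ExpandError> {
    let mut out: Vec<Instance> = Vec::new();
    let mut bytes: usize = 0;
    for ev in events {
        let mut t = ev.start;
        while t < range.1 {
            if t >= range.0 {
                if out.len() >= limits.max_instances {
                    return Err(ExpandError::TooManyInstances(limits.max_instances));
                }
                bytes += ev.description.len();
                if bytes > limits.max_bytes {
                    return Err(ExpandError::ByteBudgetExceeded(limits.max_bytes));
                }
                out.push(Instance { at: t, description: ev.description.clone() });
            }
            if ev.interval_secs <= 0 { break; }
            t += ev.interval_secs;
        }
    }
    Ok(out)
}
```

A real server would additionally bound the time range a client may request and reject the request early rather than after partial expansion, but the budget check shown is the core of the CWE-770 fix.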

Potential Impact

For European organizations using Stalwart as their mail and collaboration server, this vulnerability poses a significant risk of service disruption. The DoS condition caused by memory exhaustion can lead to server crashes, impacting availability of email and calendar services critical for business operations. This can affect productivity and potentially delay communications, especially in sectors relying heavily on collaboration tools such as finance, government, healthcare, and education. Since the vulnerability requires authenticated access, insider threats or compromised user accounts could be leveraged to launch attacks. Additionally, denial-of-service incidents may cascade into broader operational impacts if backup or failover systems are not properly configured. The lack of size limits on recurring event expansions also opens the door for attackers to craft malicious calendar data that can degrade server performance over time, potentially leading to repeated outages or increased operational costs for remediation and monitoring.

Mitigation Recommendations

The primary mitigation is to upgrade Stalwart servers to version 0.13.3 or later, where this vulnerability is fixed. If immediate upgrading is not feasible, organizations should implement strict memory limits at the container or operating system level to prevent a single process from exhausting system memory. Monitoring tools should be configured to alert on unusual memory usage spikes associated with the Stalwart service. Rate limiting CalDAV REPORT requests, especially those involving event expansions, can reduce the risk of abuse. Access controls should be tightened to restrict CalDAV access to trusted and verified users only, minimizing the attack surface. Additionally, auditing calendar event creation for unusually large or suspicious recurring events can help detect potential exploitation attempts. Network segmentation and application-layer firewalls can also be employed to limit exposure of the CalDAV service to internal or trusted networks. Finally, incident response plans should include procedures for quickly identifying and mitigating DoS conditions related to this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-08T16:19:26.172Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c1a33d65b18cd0836584b8

Added to database: 9/10/2025, 4:11:41 PM

Last enriched: 9/18/2025, 12:46:10 AM

Last updated: 10/29/2025, 9:36:41 AM

