CVE-2025-61600: CWE-400: Uncontrolled Resource Consumption in stalwartlabs stalwart
Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation enforces size limits on its dynamic buffer in most parsing states, but several state handlers omit these validation checks. This issue is fixed in version 0.13.4. A workaround for this issue is to implement rate limiting and connection monitoring at the network level; however, this does not provide complete protection.
AI Analysis
Technical Summary
CVE-2025-61600 is a vulnerability categorized under CWE-400 (Uncontrolled Resource Consumption) and CWE-789 (Uncontrolled Memory Allocation) affecting stalwartlabs' stalwart mail and collaboration server software versions prior to 0.13.4. The flaw exists in the IMAP protocol parser, specifically within the CommandParser component. While most parsing states enforce size limits on dynamic buffers, several state handlers omit these checks, allowing an attacker to send specially crafted IMAP requests that cause the server to allocate memory without bounds. This unbounded memory allocation can exhaust the server's available memory resources, leading to the invocation of the operating system's out-of-memory (OOM) killer, which terminates processes to free memory. The result is a denial of service (DoS) condition, rendering the mail server unavailable to legitimate users. The vulnerability can be exploited remotely without authentication or user interaction, increasing its risk profile. Although no known exploits are reported in the wild as of the publication date, the vulnerability's nature and ease of exploitation make it a significant threat. The vendor addressed the issue in version 0.13.4 by adding proper size validation in all parsing states. As a temporary mitigation, network-level rate limiting and connection monitoring can reduce the attack surface but do not fully eliminate the risk. Organizations relying on stalwart for mail and collaboration services should prioritize upgrading to the patched version to prevent potential service outages caused by memory exhaustion attacks.
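The state-handler gap described above, shown as an added example that is not Stalwart's code: a constructed parser with one growable buffer, where the `Quoted` state of the vulnerable variant grows the buffer directly instead of going through the single checked `push`, while the fixed variant routes every state through it. The state names, the `check_all_states` switch and the 1 KiB limit are assumptions made for this example.

```rust
// Constructed illustration (not Stalwart's CommandParser) of the CWE-789 pattern
// behind CVE-2025-61600: a state-driven IMAP command parser accumulates bytes in a
// growable buffer, but one state handler bypasses the size check. Names, states
// and the 1 KiB limit are assumptions for this example.
const MAX_BUF: usize = 1024;
#[derive(Clone, Copy)]
enum State { Tag, Command, Argument, Quoted }
#[derive(Debug, PartialEq)]
enum ParseError { TooLong }

// check_all_states: false = vulnerable variant, true = fixed variant
struct CommandParser { state: State, buf: Vec<u8>, check_all_states: bool }

impl CommandParser {
    fn new(check_all_states: bool) -> Self {
        CommandParser { state: State::Tag, buf: Vec::new(), check_all_states }
    }

    // The one place allowed to grow the buffer: every state must route through it.
    fn push(&mut self, b: u8) -> Result<(), ParseError> {
        if self.buf.len() >= MAX_BUF { return Err(ParseError::TooLong); }
        self.buf.push(b);
        Ok(())
    }

    fn feed(&mut self, input: &[u8]) -> Result<(), ParseError> {
        for &b in input {
            match self.state {
                State::Tag => if b == b' ' { self.state = State::Command } else { self.push(b)? },
                State::Command => if b == b' ' { self.state = State::Argument } else { self.push(b)? },
                State::Argument => if b == b'"' { self.state = State::Quoted } else { self.push(b)? },
                State::Quoted => {
                    if b == b'"' { self.state = State::Argument; }
                    else if self.check_all_states { self.push(b)?; }
                    else { self.buf.push(b); } // vulnerable: grows with no limit at all
                }
            }
        }
        Ok(())
    }
}

/// Feeds a tag, a command and an opening quote (8 buffered bytes), then `n` payload
/// bytes; returns the buffer size reached, or the limit error for the fixed variant.
fn buffered_after(n: usize, check_all_states: bool) -> Result<usize, ParseError> {
    let mut p = CommandParser::new(check_all_states);
    p.feed(b"A1 SELECT \"")?;
    p.feed(&vec![b'x'; n])?;
    Ok(p.buf.len())
}
```

The comparison makes the review rule concrete: a per-state check is only as good as the state that forgets it, so the limit belongs in the single function that grows the buffer.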
Potential Impact
For European organizations, the impact of CVE-2025-61600 can be substantial, particularly for those that use stalwart as a core mail and collaboration platform. A successful exploitation results in denial of service, disrupting email communication and collaboration workflows, which are critical for business operations. This can lead to operational downtime, loss of productivity, and potential reputational damage. Organizations in sectors such as finance, government, healthcare, and critical infrastructure, where reliable communication is essential, may face heightened risks. Additionally, denial of service attacks can be leveraged as part of multi-vector campaigns or to distract security teams while other attacks are carried out. The lack of authentication and user interaction requirements means attackers can launch attacks remotely and anonymously, increasing the likelihood of exploitation. The vulnerability also poses risks to service providers hosting stalwart servers for multiple clients, potentially affecting a broad user base. Given the high CVSS score (7.5) and the nature of the vulnerability, European entities should consider this a high-priority security issue.
Mitigation Recommendations
1. Immediate upgrade to stalwart version 0.13.4 or later, where the vulnerability is fixed, is the most effective mitigation.
2. Implement network-level rate limiting to restrict the number of IMAP connections and requests per client IP to reduce the risk of memory exhaustion attacks.
3. Deploy connection monitoring and anomaly detection systems to identify unusual spikes in IMAP traffic or malformed requests indicative of exploitation attempts.
4. Use firewall rules or intrusion prevention systems (IPS) to block or throttle suspicious traffic patterns targeting the IMAP service.
5. Isolate mail servers in segmented network zones with strict access controls to limit exposure.
6. Regularly audit and monitor server resource usage to detect early signs of memory exhaustion.
7. Maintain up-to-date backups and incident response plans to quickly recover from potential denial of service incidents.
8. Engage with stalwartlabs support channels for any additional patches or advisories.
These steps go beyond generic advice by focusing on specific controls tailored to the IMAP protocol and the nature of the vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.151Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68def0bad9a6bc6009193265
Added to database: 10/2/2025, 9:38:02 PM
Last enriched: 10/10/2025, 6:34:21 AM
Last updated: 11/16/2025, 7:23:52 AM