CVE-2025-61600: CWE-400: Uncontrolled Resource Consumption in stalwartlabs stalwart
Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation enforces size limits on its dynamic buffer in most parsing states, but several state handlers omit these validation checks. This issue is fixed in version 0.13.4. A workaround for this issue is to implement rate limiting and connection monitoring at the network level, however this does not provide complete protection.
AI Analysis
Technical Summary
CVE-2025-61600 affects stalwartlabs' Stalwart mail and collaboration server, versions 0.13.3 and earlier. It is an uncontrolled resource consumption flaw (CWE-400) in the IMAP protocol parser. The CommandParser accumulates the bytes of an incoming command in a dynamic buffer and caps that buffer's size in most parsing states, but several state handlers omit the check. A remote client that drives the parser into one of those states and keeps sending data therefore makes the server allocate memory in proportion to what the client sends, with no upper bound. Enough such input exhausts the host's memory, the kernel's out-of-memory (OOM) killer starts terminating processes to recover, and the mail server becomes unavailable to legitimate users. The command parser handles every connection's input before any LOGIN or AUTHENTICATE has succeeded, so no credentials and no user interaction are needed. Version 0.13.4 fixes the issue by applying the size limit in the previously unchecked states. Network-level rate limiting and connection monitoring are only a partial mitigation: they raise the cost of an attack and make it visible, but they do not bound how much a single accepted connection can make the parser allocate. No exploitation in the wild is reported at the time of writing, but the low effort required and the direct availability impact make prompt patching a priority for organizations that depend on Stalwart for mail and collaboration.
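The state-handler pattern described above, as an added illustration that is not Stalwart's code: a minimal IMAP-style command tokenizer in Rust whose per-token size check is applied in every state in the hardened form but skipped by the quoted-string handler in the buggy form. The state names, MAX_TOKEN_LEN, the LOGIN line and the constructed unterminated-quote payload are assumptions for the example and say nothing about Stalwart's actual parser or limits.

```rust
/// Hypothetical cap on bytes retained for one token; Stalwart's real limits
/// are not given on this page.
const MAX_TOKEN_LEN: usize = 1024;

/// Parser states for a simplified IMAP command line: `TAG COMMAND args...`
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum State {
    Tag,
    Command,
    Argument,
    QuotedString,
}

#[derive(Debug, Clone, PartialEq)]
pub enum ParseError {
    TokenTooLong { state: State, len: usize },
}

pub struct CommandParser {
    state: State,
    buf: Vec<u8>,
    tokens: Vec<String>,
    /// true: every state enforces MAX_TOKEN_LEN (hardened form).
    /// false: the QuotedString handler skips the check (the bug pattern).
    check_all_states: bool,
}

impl CommandParser {
    pub fn new(check_all_states: bool) -> Self {
        CommandParser { state: State::Tag, buf: Vec::new(), tokens: Vec::new(), check_all_states }
    }

    /// Append one byte to the dynamic buffer. The check belongs here,
    /// unconditionally; making it depend on the state is the bug.
    fn push(&mut self, b: u8) -> Result<(), ParseError> {
        let enforce = self.check_all_states || self.state != State::QuotedString;
        if enforce && self.buf.len() >= MAX_TOKEN_LEN {
            return Err(ParseError::TokenTooLong { state: self.state, len: self.buf.len() + 1 });
        }
        self.buf.push(b);
        Ok(())
    }

    /// Emit the buffered bytes as a token and advance the state machine.
    fn end_token(&mut self) {
        let text = String::from_utf8_lossy(&self.buf).into_owned();
        self.buf.clear();
        self.tokens.push(text);
        self.state = match self.state {
            State::Tag => State::Command,
            _ => State::Argument,
        };
    }

    /// Feed bytes as they arrive from the socket; Ok(true) once a full
    /// CRLF-terminated line has been consumed.
    pub fn feed(&mut self, input: &[u8]) -> Result<bool, ParseError> {
        for &b in input {
            match (self.state, b) {
                (State::QuotedString, b'"') => self.end_token(),
                (State::QuotedString, _) => self.push(b)?,
                (_, b'"') => {
                    if !self.buf.is_empty() { self.end_token(); }
                    self.state = State::QuotedString;
                }
                (_, b' ') => { if !self.buf.is_empty() { self.end_token(); } }
                (_, b'\r') => {}
                (_, b'\n') => {
                    if !self.buf.is_empty() { self.end_token(); }
                    return Ok(true);
                }
                (_, _) => self.push(b)?,
            }
        }
        Ok(false)
    }

    pub fn tokens(&self) -> &[String] { &self.tokens }
    pub fn buffered_len(&self) -> usize { self.buf.len() }
}

/// Constructed attacker input: the client opens a quoted string and never
/// closes it, so the parser stays in QuotedString while bytes keep arriving.
/// Returns the parser's verdict and how many bytes it is still holding.
pub fn simulate_unterminated_quote(check_all_states: bool, payload_len: usize) -> (Result<bool, ParseError>, usize) {
    let mut parser = CommandParser::new(check_all_states);
    let mut input = b"A001 LOGIN \"".to_vec();
    input.extend(std::iter::repeat(b'A').take(payload_len));
    let verdict = parser.feed(&input);
    (verdict, parser.buffered_len())
}

/// Parse one well-formed line with the hardened parser.
pub fn parse_line(line: &[u8]) -> Result<Vec<String>, ParseError> {
    let mut parser = CommandParser::new(true);
    parser.feed(line)?;
    Ok(parser.tokens().to_vec())
}

fn main() {
    let (verdict, kept) = simulate_unterminated_quote(false, 5000);
    println!("buggy:    {:?}, still buffering {} bytes", verdict, kept);
    let (verdict, kept) = simulate_unterminated_quote(true, 5000);
    println!("hardened: {:?}, still buffering {} bytes", verdict, kept);
}
```

The point of the example is where the check lives: when each state handler is responsible for calling it, a handler added or refactored later can silently drop it, and the buffer then grows with the client's output. Putting the cap in the one function that appends to the buffer, and treating any state-specific exception as a bug, removes that class of omission; a per-connection budget on total unconsumed input is the natural second layer.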
Potential Impact
For European organizations the impact can be significant, especially where Stalwart is the core mail and collaboration platform. Successful exploitation causes a denial of service that disrupts email and collaboration workflows, delaying communications and affecting customer service and internal coordination. Organizations in sectors such as finance, government, healthcare and critical infrastructure, where reliable communication is essential, face operational risk and reputational damage. Prolonged downtime can also carry financial and regulatory consequences; GDPR Article 32 requires the ability to ensure the ongoing availability and resilience of processing systems. Because the flaw is reachable remotely without authentication, any Internet-exposed IMAP listener is a target for opportunistic attackers and automated scanning. No exploitation has been reported so far, but a memory-exhaustion bug in a pre-authentication parser is straightforward to weaponize once the unchecked states are identified, so the window before public proof-of-concept code appears should be assumed to be short.
Mitigation Recommendations
Upgrade Stalwart to version 0.13.4 or later; that is the only complete fix. Until the upgrade is deployed: restrict exposure of the IMAP listeners (TCP 143 and 993) to trusted networks or a VPN where the deployment allows it; apply per-source connection and connection-rate limits at the firewall or load balancer, understanding that these raise the cost of an attack but do not bound the memory a single accepted connection can make the parser allocate; run the server under an explicit memory limit (for example systemd MemoryMax= or a container memory limit, with automatic restart) so that exhaustion kills and restarts the Stalwart process instead of leaving the host's OOM killer to pick arbitrary victims; and alert on sustained growth of the Stalwart process's resident memory and on IMAP connections that send unusually large amounts of data before authenticating. Keep backups and an incident response plan ready for a service outage, test the 0.13.4 update in staging before production, and follow stalwartlabs' security advisories for any follow-up fixes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.151Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68def0bad9a6bc6009193265
Added to database: 10/2/2025, 9:38:02 PM
Last enriched: 10/2/2025, 9:38:22 PM
Last updated: 10/2/2025, 10:39:53 PM