A vulnerability classified as critical was found in SUSE openSUSE Tumbleweed 2.5.0-1.1. Affected by this vulnerability is an unknown functionality of the component cyrus-imapd. The manipulation leads to symlink following.
This vulnerability is known as CVE-2025-23394. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.