CVE-2024-42009

Published Aug 5, 2024

Last updated 3 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-42009 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube webmail software, specifically versions up to and including 1.5.7 and 1.6.x up to 1.6.7. It stems from a flaw in the `message_body()` function within the `program/actions/mail/show.php` file, where a desanitization issue (the sanitized HTML is undone again before rendering) can be exploited. This vulnerability allows a remote attacker to steal and send emails of a victim by sending a specially crafted email message. When a user views this malicious email in Roundcube, the attacker can execute arbitrary JavaScript in the victim's browser, potentially gaining persistent access to exfiltrate emails or steal passwords.

Description
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.3
Impact score: 5.8
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: RoundCube Webmail Cross-Site Scripting Vulnerability
Exploit added on: Jun 9, 2025
Exploit action due: Jun 30, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-79
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Social media

Hype score: Not currently trending
  1. CISA adds critical vulnerabilities CVE-2025-32433 & CVE-2024-42009 to KEV catalog—impacting Erlang/OTP SSH & Roundcube Webmail. Exploits could lead to remote commands & email theft. Federal agencies must patch promptly ⚠️ #Erlang #Firefox #US https://t.co/ZocOD9
     @TweetThreatNews, 10 Jun 2025. 76 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes.

  2. Erlang/OTP's CVE-2025-32433 and RoundCube's CVE-2024-42009 have been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 6/30, and ransomware exploitation is unknown. Also, For
     @__kokumoto, 9 Jun 2025. 1104 impressions, 0 retweets, 6 likes, 2 bookmarks, 1 reply, 0 quotes.

  3. 🛡️ We added RoundCube Webmail and Erlang/OTP vulnerabilities CVE-2024-42009 & CVE-2025-32433 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/
     @CISACyber, 9 Jun 2025. 7590 impressions, 21 retweets, 43 likes, 4 bookmarks, 1 reply, 0 quotes.

  4. 🚨 Threat Campaign: Belarus-Linked UNC1151 Exploits Roundcube CVE-2024-42009 in Spear Phishing Campaign Targeting Polish Entities to Steal Credentials via Malicious Service Worker🚨 Summary: UNC1151 launched a spear phishing campaign targeting Polish entities, exploiting htt
     @CyberxtronTech, 9 Jun 2025. 77 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  5. CERT Polska warns of UNC1151 spear phishing targeting Polish organizations via Roundcube flaw (CVE-2024-42009). Malicious emails use obfuscated JavaScript & Service Workers to steal login data. Stay alert! ⚠️ #Poland #CyberEspionage #Webmail https://t.co/ygadg7szUK
     @TweetThreatNews, 9 Jun 2025. 76 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  6. CERT Polska warns of a critical Roundcube XSS flaw (CVE-2024-42009) exploited by UNC1151 in spear phishing, stealing credentials and compromising Polish organizations. #Roundcube #XSS #Phishing #Cybersecurity #UNC1151 https://t.co/8rkhyOpBxE
     @the_yellow_fall, 9 Jun 2025. 194 impressions, 0 retweets, 4 likes, 3 bookmarks, 0 replies, 0 quotes.

  7. 🚨 Critical vulnerability in Roundcube (CVE-2024-42009)! Allows remote execution after login. Affects versions <1.5.10 and <1.6.11p. We have already protected our customers. What about you? 🔗 https://t.co/XjbBVybMeW #okITup #Seguridad https://t.co/0YyVHzJokd
     @okITupSL, 6 Jun 2025. 44 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  8. Roundcube Risks CVE-2025-49113 vul analysis https://t.co/kvX9t6ymid CVE-2024-42009 https://t.co/GPyhSCFihi https://t.co/quZm7j9sZr
     @blackorbird, 6 Jun 2025. 904 impressions, 2 retweets, 2 likes, 2 bookmarks, 0 replies, 0 quotes.

  9. 🔐 CERT Polska warns: A campaign targeting Polish entities has been identified, exploiting the CVE-2024-42009 vulnerability in Roundcube. Simply opening a crafted e-mail is enough for malicious JavaScript code to take over login data and install a so-called Service Worker –
     @CYFRA_GOV_PL, 6 Jun 2025. 1239 impressions, 4 retweets, 6 likes, 0 bookmarks, 1 reply, 0 quotes.

  10. ⚠️ Critical Roundcube flaw (CVE-2024-42009) exploited in spearphishing attack by UNC1151! Polish entities targeted. Update to 1.6.11/1.5.10 NOW & monitor for suspicious activity. Full details & IOCs: 🚨 #Cybersecurity #Roundcube #Spearphishing https://t.co/45aoHYoe
      @fernandokarl, 6 Jun 2025. 50 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  11. ⚠️A spearphishing campaign exploiting the CVE-2024-42009 vulnerability in Roundcube. ‼️The vulnerability enables attackers to execute malicious JavaScript code when an e-mail message is opened. 📌High probability attribution to UNC1151 group. ➡️ More: https://t.
      @CERT_Polska_en, 5 Jun 2025. 4203 impressions, 17 retweets, 45 likes, 17 bookmarks, 0 replies, 2 quotes.

  12. I made a small proof of concept to exploit CVE-2024-42009. I simply said "there are no good PoCs for this CVE, I'm going to create one!" and that's how it went, in one night 😎 https://t.co/T4wJ8bfsaY
      @DaniTheHack3r, 24 May 2025. 2061 impressions, 9 retweets, 44 likes, 7 bookmarks, 2 replies, 0 quotes.

  13. XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009) The exploit injects a malicious payload, allowing email exfiltration upon execution. 🔗 Check it out: https://t.co/yDvJugNQf8
      @0xBassiouny1337, 12 Feb 2025. 80 impressions, 0 retweets, 2 likes, 1 bookmark, 1 reply, 0 quotes.

  14. XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009) The exploit injects a malicious payload, allowing email exfiltration upon execution. 🔗 Check it out: https://t.co/yDvJugNQf8
      @0xBassiouny1337, 12 Feb 2025. 118 impressions, 0 retweets, 7 likes, 1 bookmark, 0 replies, 0 quotes.

Configurations