AI description
CVE-2024-42009 is a Cross-Site Scripting (XSS) vulnerability affecting the Roundcube webmail software, specifically versions through 1.5.7 and 1.6.x through 1.6.7. It stems from a flaw in the `message_body()` function in the `program/actions/mail/show.php` file, where a desanitization issue can be exploited. The vulnerability allows a remote attacker to steal and send a victim's emails by delivering a specially crafted email message. When the user views this malicious email in Roundcube, the attacker's arbitrary JavaScript executes in the victim's browser, potentially gaining persistent access to exfiltrate emails or steal passwords.
- Description
- A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.3
- Impact score
- 5.8
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- RoundCube Webmail Cross-Site Scripting Vulnerability
- Exploit added on
- Jun 9, 2025
- Exploit action due
- Jun 30, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CISA adds critical vulnerabilities CVE-2025-32433 & CVE-2024-42009 to KEV catalog—impacting Erlang/OTP SSH & Roundcube Webmail. Exploits could lead to remote commands & email theft. Federal agencies must patch promptly ⚠️ #Erlang #Firefox #US https://t.co/ZocOD9
@TweetThreatNews
10 Jun 2025
76 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The US Cybersecurity and Infrastructure Security Agency (CISA) has added Erlang/OTP's CVE-2025-32433 and RoundCube's CVE-2024-42009 to its Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 6/30, and ransomware exploitation is unknown. Also, For
@__kokumoto
9 Jun 2025
1104 Impressions
0 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
🛡️ We added RoundCube Webmail and Erlang/OTP vulnerabilities CVE-2024-42009 & CVE-2025-32433 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/
@CISACyber
9 Jun 2025
7590 Impressions
21 Retweets
43 Likes
4 Bookmarks
1 Reply
0 Quotes
🚨 Threat Campaign: Belarus-Linked UNC1151 Exploits Roundcube CVE-2024-42009 in Spear Phishing Campaign Targeting Polish Entities to Steal Credentials via Malicious Service Worker🚨 Summary: UNC1151 launched a spear phishing campaign targeting Polish entities, exploiting htt
@CyberxtronTech
9 Jun 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CERT Polska warns of UNC1151 spear phishing targeting Polish organizations via Roundcube flaw (CVE-2024-42009). Malicious emails use obfuscated JavaScript & Service Workers to steal login data. Stay alert! ⚠️ #Poland #CyberEspionage #Webmail https://t.co/ygadg7szUK
@TweetThreatNews
9 Jun 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CERT Polska warns of a critical Roundcube XSS flaw (CVE-2024-42009) exploited by UNC1151 in spear phishing, stealing credentials and compromising Polish organizations. #Roundcube #XSS #Phishing #Cybersecurity #UNC1151 https://t.co/8rkhyOpBxE
@the_yellow_fall
9 Jun 2025
194 Impressions
0 Retweets
4 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in Roundcube (CVE-2024-42009)! It allows remote execution after login. Affects versions <1.5.10 and <1.6.11p. We have already protected our clients. What about you? 🔗 https://t.co/XjbBVybMeW #okITup #Seguridad https://t.co/0YyVHzJokd
@okITupSL
6 Jun 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube Risks CVE-2025-49113 vul analysis https://t.co/kvX9t6ymid CVE-2024-42009 https://t.co/GPyhSCFihi https://t.co/quZm7j9sZr
@blackorbird
6 Jun 2025
904 Impressions
2 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🔐 CERT Polska warns: A campaign targeting Polish entities has been identified that exploits the CVE-2024-42009 vulnerability in Roundcube. Simply opening a crafted e-mail is enough for malicious JavaScript code to take over login credentials and install a so-called Service Worker –
@CYFRA_GOV_PL
6 Jun 2025
1239 Impressions
4 Retweets
6 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Critical Roundcube flaw (CVE-2024-42009) exploited in spearphishing attack by UNC1151! Polish entities targeted. Update to 1.6.11/1.5.10 NOW & monitor for suspicious activity. Full details & IOCs: 🚨 #Cybersecurity #Roundcube #Spearphishing https://t.co/45aoHYoe
@fernandokarl
6 Jun 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️A spearphishing campaign exploiting the CVE-2024-42009 vulnerability in Roundcube. ‼️The vulnerability enables attackers to execute malicious JavaScript code when an e-mail message is opened. 📌High probability attribution to UNC1151 group. ➡️ More: https://t.
@CERT_Polska_en
5 Jun 2025
4203 Impressions
17 Retweets
45 Likes
17 Bookmarks
0 Replies
2 Quotes
I made a small proof of concept to exploit CVE-2024-42009. I simply said "there are no good PoCs for this CVE, I'm going to create one!" and so it was, in one night 😎 https://t.co/T4wJ8bfsaY
@DaniTheHack3r
24 May 2025
2061 Impressions
9 Retweets
44 Likes
7 Bookmarks
2 Replies
0 Quotes
XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009) The exploit injects a malicious payload, allowing email exfiltration upon execution. 🔗 Check it out: https://t.co/yDvJugNQf8
@0xBassiouny1337
12 Feb 2025
80 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009) The exploit injects a malicious payload, allowing email exfiltration upon execution. 🔗 Check it out: https://t.co/yDvJugNQf8
@0xBassiouny1337
12 Feb 2025
118 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC573DD9-42FE-4467-89E4-E3DAC9E3C744",
            "versionEndExcluding": "1.5.8"
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "350AC515-3D8C-48E1-9D73-023609560C8A",
            "versionEndExcluding": "1.6.8",
            "versionStartIncluding": "1.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]