CVE-2025-49113

Published Jun 2, 2025

Last updated a month ago

CVSS critical 9.9
Roundcube Webmail

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from insufficient validation of the `_from` parameter in `program/actions/settings/upload.php`. The missing validation leads to PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the `_from` parameter in a URL is not validated in `program/actions/settings/upload.php`, leading to PHP Object Deserialization.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve@mitre.org: CWE-502

Social media

Hype score: Not currently trending
  1. CVE-2025-49113 – Roundcube Webmail RCE Exploit https://t.co/tR5pyJwGD6 https://t.co/dS17s6pl0m

    @cyber_advising

    21 Jul 2025

    10312 Impressions

    48 Retweets

    186 Likes

    101 Bookmarks

    2 Replies

    0 Quotes

  2. RCE in Roundcube (CVE-2025-49113): 10 years in the code, public exploit since June 5, real attacks confirmed. Patch now! #Roundcube #FearsOff ➡️ https://t.co/Iwrf5tJ0rs https://t.co/579eDF6fW8

    @leonov_av

    21 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #𝒜𝔫𝑜𝔫𝒚𝔪𝑜𝖚𝙨 #FuckIsrael #FreePalestine #OpIsrael #FreeGaza #StopGenocideOfPalestinians Israel webmail servers is Ꮒ𝘢𝔠𝕜𝖊𝕕 Ƅ𝒚 𝕜𝕣𝑜𝕜𝖊𝕥𝖊𝘢𝙨𝒊𝔫𝕘, CVE-2025-49113 is a critical vulnerability affecting

    @Lulz_BinBash

    13 Jul 2025

    154 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. CVE-2025-49113 https://t.co/yqNuZLefAL

    @Dwaynejohn000

    12 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    9 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    28 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Just published a write-up on CVE-2025-49113 – a critical authenticated RCE in Roundcube Webmail. https://t.co/aMG5AiyezC #RedTeam #CVE2025_49113 #TryHackMe

    @z41b1337

    27 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Ready to tackle another legendary CVE? 💥 Just added to Hackviser Labs: A hands-on lab for Roundcube ≤ 1.6.10 Post-Auth RCE (CVE-2025-49113) 🚀 Perfect for security professionals and enthusiasts looking to understand and practice with real-world vulnerabilities 💪 Che

    @hackviserr

    26 Jun 2025

    146 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-49113 https://t.co/ExTddikABq

    @40sp3l

    24 Jun 2025

    26527 Impressions

    111 Retweets

    840 Likes

    521 Bookmarks

    6 Replies

    0 Quotes

  10. CVE-2025-49113-Scanner – Security Advisory 🔍 Description: Critical RCE vulnerability in certain web services. This tool checks and exploits the issue automatically. 🛠️ Exploitation Script: https://t.co/DWqjMEvHdg https://t.co/pWwd1aHwor

    @issam_juniorx

    23 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🦜🐻‍❄️🐱YouTube video walk through for TryHackMe Roundcube: CVE-2025-49113 🦊🐥CVE-2025-49113 is a Post-Authentication Remote Code Execution (RCE) vulnerability in Roundcube webmail (versions ≤ 1.6.10) caused by unsafe PHP object deserialization. Video link i

    @DjalilAyed

    23 Jun 2025

    77 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    23 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Getting hands on with CVE-2025-49113. https://t.co/Xo5cRCzrcm #tryhackme via @realtryhackme

    @p0rkchxp

    22 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    22 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    21 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    21 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    19 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    19 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. 🚨CVE-2025-49113, #Roundcube webmail #RCE vulnerability! Remote code execution with just an email subject line⚠️ A backdoor may be installed through remote commands from a malicious email. 🔍56,000

    @CriminalIP_JP

    19 Jun 2025

    22 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

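  20. 🚨CVE-2025-49113, #Roundcube webmail #RCE vulnerability! Remote code execution with just an email subject line⚠️ If a malicious email is received, a backdoor can be installed through the attacker's remote commands. 🔍Check the more than 56,000 externally exposed instances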

    @CriminalIP_KR

    19 Jun 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Rolled out a general update across all maintained servers, our own and third-party, to provide #RoundCube 1.6.11 and fix the critical flaw CVE-2025-49113: https://t.co/1eqGonUsVh

    @ASPLhosting

    18 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. TryHackMe | Roundcube: CVE-2025-49113 | WriteUp https://t.co/bkp3artOUm

    @sn0optsz

    18 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Day 15: Analyzed CVE-2025-49113 - CRITICAL RCE in Roundcube Webmail! CVSS: 9.9/10 | EPSS: 73.08% | 84K+ vulnerable installs Article link : https://t.co/kW9KNHYAjz #LSPPDay15 #60DaysOfLearning2025 #LearningWithLeapfrog @lftechnology

    @itsdavidmandal

    17 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Roundcube hit by critical zero-day as hackers sell exploit for CVE-2025-49113, enabling remote code execution in popular webmail platform. #CyberSecurity #ZeroDay #RoundcubeExploit https://t.co/6DG63LLywc

    @CyberSecTV_eu

    17 Jun 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Roundcube. Exploring CVE-2025-49113. https://t.co/p6rA3nKVZ2 #tryhackme via @realtryhackme

    @stefan_pauly

    17 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. NEW RECENT THREAT: Roundcube: CVE-2025-49113 🔗 https://t.co/ZZLIh8F9H6 From webmail access to system access: Explore Roundcube's recent vulnerability in a lab environment. Learn how it works, how to exploit it, and how to mitigate it. 🔴 https://t.co/e4eM2Bfh6J

    @RealTryHackMe

    16 Jun 2025

    4404 Impressions

    9 Retweets

    75 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  27. 🐞 🪲 New room Roundcube: CVE-2025-49113 from TryHackMe 😸 Exploit CVE-2025-49113 in a lab environment. 🪝 This vulnerability allows remote code execution (RCE) by authenticated users Room link in first comment: 🦜🦜⤵️⤵️ https://t.co/m1cP2I6HEc

    @DjalilAyed

    16 Jun 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Top 5 Trending CVEs: 1 - CVE-2025-33053 2 - CVE-2025-3052 3 - CVE-2025-49113 4 - CVE-2025-33073 5 - CVE-2025-25022 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🤬CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/wOdnSinywG FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/sWPSYiVk2z CVSS: 9.9 https://t.co/i45cBNBtyu

    @TheMsterDoctor1

    15 Jun 2025

    4602 Impressions

    28 Retweets

    95 Likes

    53 Bookmarks

    3 Replies

    0 Quotes

  30. https://t.co/ejF6ZL2Q6A was NOT compromised via CVE-2025-49113 Roundcube RCE, according to them they are running older version of Roundcube, immune to the exploit. Nothing ever happens. Read more: https://t.co/iPYrP4EhFF https://t.co/erdLgPK5dc

    @svobodacenter

    15 Jun 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/GeGdXSS1pj… FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ELitlTM4bg… https://t.co/BJcfEYQL5C

    @JackNike317913

    15 Jun 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/n8KZhhhs11 FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ctSkVwwXDk CVSS: 9.9 https://t.co/u51dKTv92k

    @DarkWebInformer

    13 Jun 2025

    7956 Impressions

    29 Retweets

    129 Likes

    65 Bookmarks

    2 Replies

    0 Quotes

  33. 🚨 CVE-2025-49113 #RCE Alert! A 10-year-old flaw in Roundcube Webmail is now weaponized. Attackers exploit PHP deserialization to run arbitrary code. Over 1.9M instances at risk! 📄 Read full advisory: https://t.co/M8L5gynxA5 #CyberSecurity https://t.co/NZihmnHBTL

    @sequretek_sqtk

    13 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. More than 84,000 Roundcube mail systems are vulnerable worldwide Security researcher Kiril Firsov discovered the vulnerability tracked as CVE-2025-49113, which enables remote code execution (RCE) in the Roundcube webmail service 1.1.0 and

    @linuxmint_hun

    13 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 Critical Roundcube Webmail RCE (CVE-2025-49113) 🚨 A 10-year-old flaw in Roundcube Webmail is actively exploited for Remote Code Execution (CVSS 9.9). Over 84,000 servers at risk. ✅ Patch ASAP to 1.6.11 / 1.5.10. 🚫 Stop potential full server compromise. #Roundcube

    @ZBounty18591

    13 Jun 2025

    10 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. ⚠ Critical RCE in Roundcube Mail (CVE-2025-49113)! #Mageia 9’s latest update patches a Post-Auth Remote Code Execution flaw. If you self-host email: ✅ Update NOW ✅ Audit logs ✅ Check for IOCs Read more: 👇https://t.co/hG7xhBvdL4 #InfoSec #SysAdmin https://t.co/4D9

    @Cezar_H_Linux

    12 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Vulnerability in Roundcube Webmail: A critical flaw (CVE-2025-49113, CVSS 9.9) in Roundcube Webmail allows authenticated users to take full control of servers. Patches were released on June 1, 2025, but many installations remain exposed. https://t.co/4XM9Dn

    @AlfonsoBalcells

    12 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 #CVE-2025-49113 – Authenticated RCE in Roundcube via Unsafe Deserialization in uploadphp https://t.co/jH1wZZNjdE Educational Purposes!

    @UndercodeUpdate

    11 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Roundcube Mail backend code execution vulnerability reproduction (CVE-2025-49113) and POC

    @WenhuaGui

    11 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Vulnerability exploitation affects more than 80,000 Roundcube servers (CVE-2025-49113) https://t.co/jH5Wekq1Q4 #Security #セキュリティ #ニュース

    @SecureShield_

    11 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution flaw affecting versions 1.1.0 to 1.6.10. https://t.co/TI9Ac6WbJt

    @securityRSS

    10 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Exploited Vulnerability Impacts Over 80,000 Roundcube Servers Over 85,000 Roundcube webmail servers are vulnerable to a critical RCE flaw (CVE-2025-49113, CVSS 9.9) affecting versions 1.1.0 to 1.6.10. The bug, a PHP Object Injection issue stemming from mishandled variable names,

    @dCypherIO

    10 Jun 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🗞️ Over 84,000 Roundcube webmail instances are vulnerable to a critical remote code execution flaw (CVE-2025-49113), with public exploits circulating and active attacks likely. System admins are urged to patch to versions 1.6.11 or 1.5.10 immediately Key takeaways: 🧵 htt

    @gossy_84

    10 Jun 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. More than 84,000 Roundcube instances exposed to an actively exploited critical remote code execution (RCE) flaw (CVE-2025-49113). https://t.co/moIuwjwSnp

    @cert_ist

    10 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. CVE-2025-49113 - Roundcube - Remote Code Execution

    @ghostbugste

    10 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Over 80,000 Roundcube servers running versions 1.1.0 to 1.6.10 are vulnerable to a critical remote code execution flaw (CVE-2025-49113). Exploitation via brute-force or log extraction poses major risks. 🔓 #Webmail #Vulnerability #UK https://t.co/wEyQ9OfV0C

    @TweetThreatNews

    10 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Roundcube RCE: Dark Web Activity Signals Imminent Attacks (CVE-2025-49113) As digital defense becomes an integral part of the twenty-first-century b https://t.co/r8N4OXxaih https://t.co/901jgwtEPw

    @AegisLens

    10 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Over 84,000 Roundcube instances at risk due to CVE-2025-49113 RCE vulnerability with public exploit available. Take immediate action. #CyberSecurity #InfoSec https://t.co/uWHt6sQuMM

    @not2cleverdotme

    10 Jun 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 More than 84,000 Roundcube servers are vulnerable to the critical flaw CVE-2025-49113. A public exploit already exists and they are at risk of active exploitation. Updating urgently to version 1.6.11 is recommended. #Roundcube #CVE202549113 #SISAPNews https://t.co/GeP9F

    @SISAP_LATAM

    10 Jun 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Vulnerability in more than 84,000 Roundcube instances, risk of active exploitation (CVE-2025-49113) https://t.co/VF8MSEENtk #Security #セキュリティ #ニュース

    @SecureShield_

    10 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes