AI description
CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.
- Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org
- CWE-502
- Hype score
- Not currently trending
🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/n8KZhhhs11 FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ctSkVwwXDk CVSS: 9.9 https://t.co/u51dKTv92k
@DarkWebInformer
13 Jun 2025
🚨 CVE-2025-49113 #RCE Alert! A 10-year-old flaw in Roundcube Webmail is now weaponized. Attackers exploit PHP deserialization to run arbitrary code. Over 1.9M instances at risk! 📄 Read full advisory: https://t.co/M8L5gynxA5 #CyberSecurity https://t.co/NZihmnHBTL
@sequretek_sqtk
13 Jun 2025
More than 84,000 Roundcube mail systems are vulnerable worldwide. Security researcher Kiril Firsov discovered the vulnerability tracked as CVE-2025-49113, which enables remote code execution (RCE) in the webmail service called Roundcube, 1.1.0 and the
@linuxmint_hun
13 Jun 2025
🚨 Critical Roundcube Webmail RCE (CVE-2025-49113) 🚨 A 10-year-old flaw in Roundcube Webmail is actively exploited for Remote Code Execution (CVSS 9.9). Over 84,000 servers at risk. ✅ Patch ASAP to 1.6.11 / 1.5.10. 🚫 Stop potential full server compromise. #Roundcube
@ZBounty18591
13 Jun 2025
⚠ Critical RCE in Roundcube Mail (CVE-2025-49113)! #Mageia 9’s latest update patches a Post-Auth Remote Code Execution flaw. If you self-host email: ✅ Update NOW ✅ Audit logs ✅ Check for IOCs Read more: 👇https://t.co/hG7xhBvdL4 #InfoSec #SysAdmin https://t.co/4D9
@Cezar_H_Linux
12 Jun 2025
Vulnerability in Roundcube Webmail: A critical flaw (CVE-2025-49113, CVSS 9.9) in Roundcube Webmail allows authenticated users to take full control of servers. Patches were released on June 1, 2025, but many installations remain exposed. https://t.co/4XM9Dn
@AlfonsoBalcells
12 Jun 2025
🚨 #CVE-2025-49113 – Authenticated RCE in Roundcube via Unsafe Deserialization in uploadphp https://t.co/jH1wZZNjdE Educational Purposes!
@UndercodeUpdate
11 Jun 2025
Roundcube Mail backend code execution vulnerability reproduction (CVE-2025-49113) and PoC
@WenhuaGui
11 Jun 2025
Exploitation of vulnerability affects more than 80,000 Roundcube servers (CVE-2025-49113) https://t.co/jH5Wekq1Q4 #Security #セキュリティ #ニュース
@SecureShield_
11 Jun 2025
Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution flaw affecting versions 1.1.0 to 1.6.10. https://t.co/TI9Ac6WbJt
@securityRSS
10 Jun 2025
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers Over 85,000 Roundcube webmail servers are vulnerable to a critical RCE flaw (CVE-2025-49113, CVSS 9.9) affecting versions 1.1.0 to 1.6.10. The bug, a PHP Object Injection issue stemming from mishandled variable names,
@dCypherIO
10 Jun 2025
🗞️ Over 84,000 Roundcube webmail instances are vulnerable to a critical remote code execution flaw (CVE-2025-49113), with public exploits circulating and active attacks likely. System admins are urged to patch to versions 1.6.11 or 1.5.10 immediately Key takeaways: 🧵 htt
@gossy_84
10 Jun 2025
More than 84,000 Roundcube instances exposed to a critical remote code execution (RCE) flaw (CVE-2025-49113) that is being actively exploited. https://t.co/moIuwjwSnp
@cert_ist
10 Jun 2025
CVE-2025-49113 - Roundcube - Remote Code Execution
@ghostbugste
10 Jun 2025
Over 80,000 Roundcube servers running versions 1.1.0 to 1.6.10 are vulnerable to a critical remote code execution flaw (CVE-2025-49113). Exploitation via brute-force or log extraction poses major risks. 🔓 #Webmail #Vulnerability #UK https://t.co/wEyQ9OfV0C
@TweetThreatNews
10 Jun 2025
Roundcube RCE: Dark Web Activity Signals Imminent Attacks (CVE-2025-49113) As digital defense becomes an integral part of the twenty-first-century b https://t.co/r8N4OXxaih https://t.co/901jgwtEPw
@AegisLens
10 Jun 2025
🚨 Over 84,000 Roundcube instances at risk due to CVE-2025-49113 RCE vulnerability with public exploit available. Take immediate action. #CyberSecurity #InfoSec https://t.co/uWHt6sQuMM
@not2cleverdotme
10 Jun 2025
🚨 More than 84,000 Roundcube servers are vulnerable to the critical flaw CVE-2025-49113. A public exploit already exists and they are at risk of active exploitation. Updating urgently to version 1.6.11 is recommended. #Roundcube #CVE202549113 #SISAPNews https://t.co/GeP9F
@SISAP_LATAM
10 Jun 2025
Vulnerability in more than 84,000 Roundcube instances, risk of active exploitation (CVE-2025-49113) https://t.co/VF8MSEENtk #Security #セキュリティ #ニュース
@SecureShield_
10 Jun 2025
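More than 84,000 Roundcube instances are exposed in a state vulnerable to the critical remote code execution vulnerability CVE-2025-49113. Reported by the Shadowserver Foundation. United States (19,500), India (15,500), Germany (13,600), France (3,600), Cana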
@__kokumoto
9 Jun 2025
🚨CVE-2025-49113: Proof of Concept Demonstrating Remote Code Execution Through Insecure Deserialization in Roundcube https://t.co/OgWMg48qD9
@DarkWebInformer
9 Jun 2025
Urgent: Roundcube users vulnerable to remote code execution flaw (CVE-2025-49113). Patch now:https://t.co/X7ltthflZi #Cybersecurity #InfoSec #PatchYourSystem
@threatlight
9 Jun 2025
A critical RCE vulnerability in Roundcube webmail, CVE-2025-49113, affects versions 1.1.0 to 1.6.10. It allows attacks via PHP object deserialization, impacting 1.2M instances. A patch was issued on June 1, 2025 https://t.co/xGif7MC4x3 https://t.co/zcVnLZH1OP
@AlternativeTo
9 Jun 2025
Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) https://t.co/wUtVMy2O8Z #HelpNetSecurity #Cybersecurity https://t.co/5OnH2vexDi
@PoseidonTPA
9 Jun 2025
With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. #cybersecurity https://t.co/Oaz8nmfI3q
@cybertzar
9 Jun 2025
Roundcube RCE: #Darkweb activity signals imminent attacks (CVE-2025-49113): https://t.co/koCwHYc8cq #cyberattacks
@immuniweb
9 Jun 2025
#Roundcube RCE: Dark #web activity signals imminent attacks (#CVE-2025-49113) https://t.co/Ez0WtdlUxP
@ScyScan
9 Jun 2025
[HelpNet] Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113). With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public,... https://t.co/yt23WyBkrV
@shah_sheikh
9 Jun 2025
For the last few days, we are reporting out Roundcube CVE-2025-49113 vulnerable instances (allows remote code execution by authenticated users). Roundcube vulnerabilities have been frequently used for targeted attacks by possible state actors. We see ~84K unpatched worldwide. ht
@Shadowserver
8 Jun 2025
¡¡WARNING¡¡ CVE-2025-49113-Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.🚨CRITICAL
@ESFERARED
8 Jun 2025
Top 5 Trending CVEs: 1 - CVE-2024-24919 2 - CVE-2025-32756 3 - CVE-2024-6387 4 - CVE-2025-30397 5 - CVE-2025-49113 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
8 Jun 2025
Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/qX1bRp3RhS
@SECURE_TECHS
7 Jun 2025
What a wicked CVE-2025-49113 has dropped
@l0ni7_ir
7 Jun 2025
Let's liven things up a bit 🤣 CVE-2025-49113 - Roundcube Remote Code Execution exploit https://t.co/3KX7abBFQB
@electrocode
7 Jun 2025
Thrilled to join @Tburgeswatson on @AlArabiya_Eng to discuss @FearsOff 's latest critical discovery, CVE-2025-49113, a ground-breaking Roundcube vulnerability reported by our CEO, @k_firsov. This flaw poses significant national security risks, and with the exploit now public, ht
@mar1hachem
7 Jun 2025
CVE-2025-49113 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the ..https://t.co/Amq8Ti4UOo #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
7 Jun 2025
why you'd allow 'proc_open' on your webmail client in the first place? (like pretty much every webmail client in existence) CVE-2025-49113 - obv roundcube can run as a unikernel - https://t.co/7R03dCfjHH it's only "weaponized" if you let it
@nanovms
7 Jun 2025
GitHub - hakaioffsec/CVE-2025-49113-exploit: Proof of Concept demonstrating Remote Code Execution through insecure deserialization in Roundcube (CVE-2025-49113). https://t.co/XAkQdKBRZT
@akaclandestine
6 Jun 2025
🚨 We've added a new signature to our Suricata ruleset for the critical vulnerability CVE-2025-49113 in Roundcube, previously reproduced by @ptswarm. This RCE vulnerability potentially exposes millions of hosts worldwide. Update your rules now: https://t.co/Bom73mlzFQ #Suricata
@AttackDetection
6 Jun 2025
Roundcube Risks CVE-2025-49113 vul analysis https://t.co/kvX9t6ymid CVE-2024-42009 https://t.co/GPyhSCFihi https://t.co/quZm7j9sZr
@blackorbird
6 Jun 2025
🚨Alert: Positive Technologies has confirmed the deadly CVE-2025-49113 exploit—authenticated users can run arbitrary commands through PHP object deserialization. Read: https://t.co/QGsfVjdIAS Action: Update Roundcube immediately to the latest version.
@TheHackersNews
6 Jun 2025
CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.. https://t.co/nMsi4hb9g
@cyber_advising
6 Jun 2025
🚨 A Critical Vulnerability exists in Roundcube Webmail (CVE-2025-49113). Please see the @ncsc_gov_ie advisory for more info: https://t.co/OHM1O1Dw1E
@ncsc_gov_ie
6 Jun 2025
An exploit for a critical vulnerability in Roundcube has gone on sale. Experts warn that hackers are starting to exploit the fresh vulnerability (CVE-2025-49113)
@XakepRU
6 Jun 2025
Hackers sell critical vulnerability in Roundcube webmail, technical details also revealed (CVE-2025-49113) https://t.co/oRd8HnxjyC #Security #セキュリティ #ニュース
@SecureShield_
6 Jun 2025
Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/QRugMBgAhV
@TweetThreatNews
6 Jun 2025
The popular article for 2025-06-05 was this one. (Automated tweet) #Hacker_Trends ――― Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113] https://t.co/2JQjXZCuzG https://t.co/9pwUJTT8xC
@motikan2010
6 Jun 2025
🚨 CVE-2025-49113 - critical 🚨 Roundcube Webmail - Remote Code Execution > Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution ... 👾 https://t.co/ohT0mih1ej @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
6 Jun 2025
🚨 CVE-2025-49113 – Authenticated RCE in Roundcube via unsafe deserialization in upload.php (via @FearsOff) PoC-based detection template and full details in comments. https://t.co/W1MG1NbeqM
@pdnuclei
5 Jun 2025
Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. https://t.co/aHd0TFwutV https://t.co/Kv6fCcA5O8
@ngnicky
5 Jun 2025