CVE-2025-49113
Published Jun 2, 2025
Last updated 4 months ago
AI description
CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.
- Description
- Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- webmail, debian_linux
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Feb 20, 2026
- Exploit action due
- Mar 13, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 5
Critical RCE in Roundcube 🤯🔥 Your inbox could be the attack vector. CVE-2025-49113 allows Remote Code Execution on vulnerable Roundcube instances, putting countless email servers at risk. 🚨 👨‍💻 AirCorridor / Hackers-Arise 🔗 https://t.co/R8St5Ly3ml #CyberSe
@luckyhacker43
14 Jun 2026
2151 Impressions
16 Retweets
64 Likes
32 Bookmarks
4 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2018-17144 2 - CVE-2026-46243 3 - CVE-2026-49975 4 - CVE-2025-49113 5 - CVE-2026-28318 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
7 Jun 2026
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-49113 2 - CVE-2026-26980 3 - CVE-2026-31635 4 - CVE-2026-34908 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 May 2026
154 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 is a critical authenticated remote-code-execution flaw in Roundcube webmail — the default in cPanel, Plesk, and many hosting stacks — caused by insufficient validation of the _from upload parameter that lets attackers inject malicious PHP-serialized objects int
@bytecodevm
23 May 2026
311 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Your email server might be vulnerable! CVE-2025-49113 allows attackers to compromise servers without authentication. https://t.co/t6mRtvwXrh @three_cube @DI0256 @IamSmouk @co11ateral https://t.co/a9gyDen9o4
@_aircorridor
22 May 2026
14360 Impressions
33 Retweets
191 Likes
122 Bookmarks
2 Replies
0 Quotes
I just completed Roundcube: CVE-2025-49113 room on TryHackMe! Exploit CVE-2025-49113 in a lab environment. https://t.co/hEntzj5esa #tryhackme via @tryhackme #tryhackme #learning #consistency
@LittleSun4lower
7 May 2026
258 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added RoundCube Webmail vulnerabilities CVE-2025-49113 & CVE-2025-68461 to our Known Exploited Vulnerabilities Catalog.
@NexusForgeCyber
16 Mar 2026
14 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Deserialization of Untrusted Data Vulnerability in RoundCube Webmail (CVE-2025-49113) RoundCube Webmail has a critical deserialization of untrusted data vulnerability (CWE-502) that allows remote code execution (RCE)
@CiberPlanetaOrg
16 Mar 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 | 42 mentions | Vendors: debian, roundcube | Active Exploitation | debian_linux, webmail | 11[.]0 VulnSocial - your risk exposure provider. https://t.co/S4rp6ysUQi https://t.co/8FZCTFa4R0
@vulnsocial
9 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2025-40538, CVE-2025-49113, CVE-2022-20775 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX
@vulnsocial
7 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 | 42 mentions | Vendors: debian, roundcube | Active Exploitation | debian_linux, webmail | 11[.]0 VulnSocial - your risk exposure provider. https://t.co/S4rp6ysUQi
@vulnsocial
7 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Roundcube: CVE-2025-49113 room on TryHackMe! Exploit CVE-2025-49113 in a lab environment. https://t.co/nETHBhX5I5 #tryhackme via @tryhackme
@ToTo13ru_xakep
4 Mar 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for debian (30 days). Top CVEs: CVE-2011-2523, CVE-2016-5195, CVE-2025-49113 Vendors: debian VulnSocial — your risk exposure provider. #vulnsocial #Debian #CVE #CyberSecurity #VulnerabilityManagement https://t.co/iUn30r73W2
@vulnsocial
3 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV alert 26/02/20: Roundcube vulnerabilities CVE-2025-49113/68461 added https://t.co/FQxWlp7ZYk In Roundcube Webmail, widely used as an open-source webmail client, exploitation in the wild has been confirmed for two seri
@iototsecnews
2 Mar 2026
124 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113 and CVE-2025-68461 Added to CISA KEV Catalog CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog; federal agencies must remediate by March 13, 2026. CVE: CVE-2025-49113, CVE… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Critical Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A … https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog CISA added two Roundcube Webmail vulnerabilities to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unkno… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113: Critical RCE Vulnerability in Roundcube Critical RCE vulnerability in Roundcube; patch released. CVE: CVE-2025-49113 • APT: N/A • Status: EXPLOITED Immediate patching required to… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds CVE-2025-49113 to KEV Catalog CISA adds CVE-2025-49113 to KEV Catalog; agencies must remediate by March 13. CVE: CVE-2025-49113 • APT: N/A • Status: ACTIVE Federal agencies must act by… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to CISA's KEV List CISA adds two RoundCube Webmail flaws to KEV list; exploitation by APT28 and Winter Vivern observed. CVE: CVE-2025-49113, CVE-2025-68… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds RoundCube Webmail Vulnerabilities to KEV List CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail pose significant risks. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to KEV List CISA adds two RoundCube flaws to its Known Exploited Vulnerabilities list. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status: ACTIVE… https://t.co/YUrXNPqr4v
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Active Exploitation of RoundCube Webmail Flaws CISA alerts on active exploitation of CVE-2025-49113 and CVE-2025-68461 in RoundCube Web… https://t.co/tUOR2W8DOw
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue amid active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unk… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • Status: ACTIVE Indicates widespread … https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to KEV list due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT34 • Status: ACTIVE Aff… https://t.co/kYM2rfE8Mb
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Actively Exploited Roundcube Webmail Vulnerabilities to KEV Catalog CISA warns of active exploitation of CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail. CVE: CVE-2025-49113, CVE-2025-6… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Roundcube Webmail Flaws to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A • Status: ACTIVE Critical vulnerabili… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Webmail Vulnerabilities to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unknown • Status: ACTIVE Critical v… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on active exploits of patched Roundcube Webmail flaws CVE-2025-49113 & CVE-2025-68461 tied to Winter Vivern and APT28. New AI-assisted Arkanix Stealer targets browsers, wallets, and games. #WinterVivern #ArkanixStealer #USA https://t.co/MoviDe2Gfl
@TweetThreatNews
25 Feb 2026
163 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 Exploited in RoundCube CISA warns of active exploitation of two critical vulnerabilities in RoundCube Webmail. CVE… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail Actively Exploited CISA warns of active exploitation of critical vulnerabilities in RoundCube … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 / CVE-2025-68461 ⚠️ Roundcube Webmail – Actively Exploited RCE & XSS (CISA KEV) CISA has added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue following confirmation of active in-the-wild exploitation targeting Roundcube Webmail. CVE-2025-49
@modat_magnify
24 Feb 2026
115 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Actively Exploited Roundcube Vulnerabilities CISA issues warning on CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail, urging prom… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Updates KEV Catalog with RoundCube Webmail Vulnerabilities CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV catalog amid active exploitation. … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of RoundCube Webmail Exploits CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unspecified ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects webmail services, risking unauthorized access. 🔗 https://t.co
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of Active Exploitation of Roundcube Webmail Vulnerabilities CISA adds two Roundc… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate remediation to prevent expl
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 RoundCube RCE Actively Exploited (CVE-2025-49113) Unauthenticated remote code execution Added to CISA KEV Mass scanning observed within 24h If you're running self-hosted RoundCube ≤1.6.9 and internet-facing — patch immediately. Tactical breakdown + mitigation steps: http
@ByteVanguardSec
24 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Actively Exploited RoundCube Webmail Vulnerabilities CISA alerts on CVE-2… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Immediate patching required to prevent exploitatio
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Active Exploitation of Roundcube Vulnerabilities CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate patching to prevent unauthorize
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Roundcube Webmail Vulnerabilities CISA issues warning … 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Exploitation for Privilege Escalation ⚔️ Requires immediate patching to preven
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA adds CVE-2025-4… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ Active expl
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: Roundcube webmail flaws CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited Authenticated attackers can execute code #OpChildSafe: Patch Roundcube IMMEDIATELY Weak email =open door for ransomware & data theft Protect the vulnerable 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
184 Impressions
5 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and BeyondTrust CVE-2026-1731 exploited in ransomware attacks delivering SparkRAT and VShell. PayPal and FICOBA breaches affect millions. AI and quantum security make progress. #BeyondTrust #PayPal https://t.co/fND6z5Jb1x
@TweetThreatNews
23 Feb 2026
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects widespread webmail service. 🔗 https://t.co/bzdGek9pqI
@MysocAi
23 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added two Roundcube webmail vulnerabilities to its KEV catalog due to active exploitation. CVE-2025-49113 (CVSS 9.9) allows remote code execution via an unvalidated URL parameter and was reported by FearsOff's Kirill Firsov. https://t.co/QKlBd3Uyyy
@securityRSS
23 Feb 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Emphasizes urgency in patching webmail systems. 🔗
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [CRITICAL] CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog … 🔴 CVE-2025-49113 ✅ Patch systems within three weeks. 🔗 https://t.co/h6KfxDWDG8 #CyberSecurity #ThreatIntel #S
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [CRITICAL] CISA Orders Feds to Patch Actively Exploited Dell Flaw Within 3 Days … 🔴 CVE-2025-49113 ✅ Apply the patch immediately. 🔗 https://t.co/pu8Vv4yQ46 #CyberSecurity #ThreatIn
@MysocAi
23 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [HIGH] CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog … 🔴 CVE-2025-49113 ✅ Patch systems by March 14, 2026. 🔗 https://t.co/h6KfxDWDG8 #CyberSecurity #ThreatIntel #SOC #m
@MysocAi
23 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AAD2AF8E-DC67-45E3-ABC2-872B771C88C5",
            "versionEndExcluding": "1.5.10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5DA16DB4-CE88-4E84-BBD6-2A749FFDA43D",
            "versionEndExcluding": "1.6.11",
            "versionStartIncluding": "1.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]