CVE-2025-49113

🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/n8KZhhhs11 FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ctSkVwwXDk CVSS: 9.9 https://t.co/u51dKTv92k

🚨 CVE-2025-49113 #RCE Alert! A 10-year-old flaw in Roundcube Webmail is now weaponized. Attackers exploit PHP deserialization to run arbitrary code. Over 1.9M instances at risk! 📄 Read full advisory: https://t.co/M8L5gynxA5 #CyberSecurity https://t.co/NZihmnHBTL

Több mint 84 000 Roundcube levelezőrendszer sebezhető világszerte Kiril Firsov biztonsági kutató fedezte fel a CVE-2025-49113 számon nyilván tartott sebezhetőséget, amely távoli kódfuttatást (RCE) tesz lehetővé a Roundcube nevű webmail szolgáltatás 1.1.0 és az

🚨 Critical Roundcube Webmail RCE (CVE-2025-49113) 🚨 A 10-year-old flaw in Roundcube Webmail is actively exploited for Remote Code Execution (CVSS 9.9). Over 84,000 servers at risk. ✅ Patch ASAP to 1.6.11 / 1.5.10. 🚫 Stop potential full server compromise. #Roundcube

⚠ Critical RCE in Roundcube Mail (CVE-2025-49113)! #Mageia 9’s latest update patches a Post-Auth Remote Code Execution flaw. If you self-host email: ✅ Update NOW ✅ Audit logs ✅ Check for IOCs Read more: 👇https://t.co/hG7xhBvdL4 #InfoSec #SysAdmin https://t.co/4D9

Vulnerabilidad en Roundcube Webmail: Un fallo crítico (CVE-2025-49113, CVSS 9.9) en Roundcube Webmail permite a usuarios autenticados tomar control total de servidores. Parches fueron lanzados el 1 de junio de 2025, pero muchas instalaciones siguen expuestas. https://t.co/4XM9Dn

🚨 #CVE-2025-49113 – Authenticated RCE in Roundcube via Unsafe Deserialization in uploadphp https://t.co/jH1wZZNjdE Educational Purposes!

Roundcube Mail后台代码执行漏洞复现（CVE-2025-49113）及POC

脆弱性の悪用により8万以上のRoundcubeサーバーに影響(CVE-2025-49113) https://t.co/jH5Wekq1Q4 #Security #セキュリティ #ニュース

Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution flaw affecting versions 1.1.0 to 1.6.10. https://t.co/TI9Ac6WbJt

Exploited Vulnerability Impacts Over 80,000 Roundcube Servers Over 85,000 Roundcube webmail servers are vulnerable to a critical RCE flaw (CVE-2025-49113, CVSS 9.9) affecting versions 1.1.0 to 1.6.10. The bug, a PHP Object Injection issue stemming from mishandled variable names,

🗞️ Over 84,000 Roundcube webmail instances are vulnerable to a critical remote code execution flaw (CVE-2025-49113), with public exploits circulating and active attacks likely. System admins are urged to patch to versions 1.6.11 or 1.5.10 immediately Key takeaways: 🧵 htt

Plus de 84 000 instances Roundcube exposées à une faille d’exécution de code à distance (RCE) critique (CVE-2025-49113) activement exploitée. https://t.co/moIuwjwSnp

CVE-2025-49113 - Roundcube - Remote Code Execution

Over 80,000 Roundcube servers running versions 1.1.0 to 1.6.10 are vulnerable to a critical remote code execution flaw (CVE-2025-49113). Exploitation via brute-force or log extraction poses major risks. 🔓 #Webmail #Vulnerability #UK https://t.co/wEyQ9OfV0C

Roundcube RCE: Dark Web Activity Signals Imminent Attacks (CVE-2025-49113) As digital defense becomes an integral part of the twenty-first-century b https://t.co/r8N4OXxaih https://t.co/901jgwtEPw

🚨 Over 84,000 Roundcube instances at risk due to CVE-2025-49113 RCE vulnerability with public exploit available. Take immediate action. #CyberSecurity #InfoSec https://t.co/uWHt6sQuMM

🚨 Más de 84,000 servidores Roundcube son vulnerables a la falla crítica CVE-2025-49113. Ya existe exploit público y están bajo riesgo de explotación activa. Se recomienda actualizar urgentemente a la versión 1.6.11. #Roundcube #CVE202549113 #SISAPNews https://t.co/GeP9F

84,000以上のRoundcubeインスタンスに脆弱性、積極的に悪用される恐れ(CVE-2025-49113) https://t.co/VF8MSEENtk #Security #セキュリティ #ニュース

84,000以上のRoundcubeインスタンスが、重大(Critical)な遠隔コード実行の脆弱性CVE-2025-49113に対し脆弱な状態で露出している。Shadowserver Foundation報告。米国(19,500)、インド(15,500)、ドイツ(13,600)、フランス(3,600)、カナ

🚨CVE-2025-49113: Proof of Concept Demonstrating Remote Code Execution Through Insecure Deserialization in Roundcube https://t.co/OgWMg48qD9

Urgent: Roundcube users vulnerable to remote code execution flaw (CVE-2025-49113). Patch now:https://t.co/X7ltthflZi #Cybersecurity #InfoSec #PatchYourSystem

A critical RCE vulnerability in Roundcube webmail, CVE-2025-49113, affects versions 1.1.0 to 1.6.10. It allows attacks via PHP object deserialization, impacting 1.2M instances. A patch was issued on June 1, 2025 https://t.co/xGif7MC4x3 https://t.co/zcVnLZH1OP

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) https://t.co/wUtVMy2O8Z #HelpNetSecurity #Cybersecurity https://t.co/5OnH2vexDi

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. #cybersecurity https://t.co/Oaz8nmfI3q

Roundcube RCE: #Darkweb activity signals imminent attacks (CVE-2025-49113): https://t.co/koCwHYc8cq #cyberattacks

#Roundcube RCE: Dark #web activity signals imminent attacks (#CVE-2025-49113) https://t.co/Ez0WtdlUxP

[HelpNet] Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113). With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public,... https://t.co/yt23WyBkrV

For the last few days, we are reporting out Roundcube CVE-2025-49113 vulnerable instances (allows remote code execution by authenticated users). Roundcube vulnerabilities have been frequently used for targeted attacks by possible state actors. We see ~84K unpatched worldwide. ht

¡¡WARNNING¡¡ CVE-2025-49113-Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.🚨CRITICAL

Top 5 Trending CVEs: 1 - CVE-2024-24919 2 - CVE-2025-32756 3 - CVE-2024-6387 4 - CVE-2025-30397 5 - CVE-2025-49113 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/qX1bRp3RhS

چه CVE-2025-49113 خفنی اومده

Biraz ortalık şenlensin 🤣 CVE-2025-49113 - Roundcube Remote Code Execution exploit https://t.co/3KX7abBFQB

Thrilled to join @Tburgeswatson on @AlArabiya_Eng to discuss @FearsOff 's latest critical discovery, CVE-2025-49113, a ground-breaking Roundcube vulnerability reported by our CEO, @k_firsov. This flaw poses significant national security risks, and with the exploit now public, ht

CVE-2025-49113 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the ..https://t.co/Amq8Ti4UOo #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

why you'd allow 'proc_open' on your webmail client in the first place? (like pretty much every webmail client in existence) CVE-2025-49113 - obv roundcube can run as a unikernel - https://t.co/7R03dCfjHH it's only "weaponized" if you let it

GitHub - hakaioffsec/CVE-2025-49113-exploit: Proof of Concept demonstrating Remote Code Execution through insecure deserialization in Roundcube (CVE-2025-49113). https://t.co/XAkQdKBRZT

🚨 We've added a new signature to our Suricata ruleset for the critical vulnerability CVE-2025-49113 in Roundcube, previously reproduced by @ptswarm. This RCE vulnerability potentially exposes millions of hosts worldwide. Update your rules now: https://t.co/Bom73mlzFQ #Suricata

Roundcube Risks CVE-2025-49113 vul analysis https://t.co/kvX9t6ymid CVE-2024-42009 https://t.co/GPyhSCFihi https://t.co/quZm7j9sZr

🚨Alert: Positive Technologies has confirmed the deadly CVE-2025-49113 exploit—authenticated users can run arbitrary commands through PHP object deserialization. Read: https://t.co/QGsfVjdIAS Action: Update Roundcube immediately to the latest version.

CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.. https://t.co/nMsi4hb9g

🚨 A Critical Vulnerability exists in Roundcube Webmail (CVE-2025-49113). Please see the @ncsc_gov_ie advisory for more info: https://t.co/OHM1O1Dw1E

В продаже появился эксплоит для критической уязвимости в Roundcube Эксперты предупреждают, что хакеры начинают эксплуатировать свежую уязвимость (CVE-2025-49113)

ハッカーがRoundcubeウェブメールの致命的な脆弱性を販売、技術情報も明らかに(CVE-2025-49113) https://t.co/oRd8HnxjyC #Security #セキュリティ #ニュース

Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/QRugMBgAhV

2025-06-05 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113] https://t.co/2JQjXZCuzG https://t.co/9pwUJTT8xC

🚨 CVE-2025-49113 - critical 🚨 Roundcube Webmail - Remote Code Execution > Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution ... 👾 https://t.co/ohT0mih1ej @pdnuclei #NucleiTemplates #cve

🚨 CVE-2025-49113 – Authenticated RCE in Roundcube via unsafe deserialization in upload.php (via @FearsOff) PoC-based detection template and full details in comments. https://t.co/W1MG1NbeqM

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. https://t.co/aHd0TFwutV https://t.co/Kv6fCcA5O8