CVE-2025-49113

Published Jun 2, 2025

Last updated 2 days ago

CVSS critical 9.9
Roundcube Webmail

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve@mitre.org: CWE-502

Social media

Hype score
Not currently trending
  1. 🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/n8KZhhhs11 FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ctSkVwwXDk CVSS: 9.9 https://t.co/u51dKTv92k

    @DarkWebInformer

    13 Jun 2025

    4169 Impressions

    6 Retweets

    41 Likes

    15 Bookmarks

    2 Replies

    0 Quotes

  2. 🚨 CVE-2025-49113 #RCE Alert! A 10-year-old flaw in Roundcube Webmail is now weaponized. Attackers exploit PHP deserialization to run arbitrary code. Over 1.9M instances at risk! 📄 Read full advisory: https://t.co/M8L5gynxA5 #CyberSecurity https://t.co/NZihmnHBTL

    @sequretek_sqtk

    13 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. More than 84,000 Roundcube mail systems are vulnerable worldwide. Security researcher Kiril Firsov discovered the vulnerability tracked as CVE-2025-49113, which enables remote code execution (RCE) in the Roundcube webmail service's 1.1.0 and

    @linuxmint_hun

    13 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Critical Roundcube Webmail RCE (CVE-2025-49113) 🚨 A 10-year-old flaw in Roundcube Webmail is actively exploited for Remote Code Execution (CVSS 9.9). Over 84,000 servers at risk. ✅ Patch ASAP to 1.6.11 / 1.5.10. 🚫 Stop potential full server compromise. #Roundcube

    @ZBounty18591

    13 Jun 2025

    10 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠ Critical RCE in Roundcube Mail (CVE-2025-49113)! #Mageia 9’s latest update patches a Post-Auth Remote Code Execution flaw. If you self-host email: ✅ Update NOW ✅ Audit logs ✅ Check for IOCs Read more: 👇https://t.co/hG7xhBvdL4 #InfoSec #SysAdmin https://t.co/4D9

    @Cezar_H_Linux

    12 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Roundcube Webmail vulnerability: A critical flaw (CVE-2025-49113, CVSS 9.9) in Roundcube Webmail allows authenticated users to take full control of servers. Patches were released on June 1, 2025, but many installations remain exposed. https://t.co/4XM9Dn

    @AlfonsoBalcells

    12 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 #CVE-2025-49113 – Authenticated RCE in Roundcube via Unsafe Deserialization in uploadphp https://t.co/jH1wZZNjdE Educational Purposes!

    @UndercodeUpdate

    11 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Roundcube Mail backend code execution vulnerability reproduction (CVE-2025-49113) and PoC

    @WenhuaGui

    11 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Exploitation of vulnerability affects more than 80,000 Roundcube servers (CVE-2025-49113) https://t.co/jH5Wekq1Q4 #Security #セキュリティ #ニュース

    @SecureShield_

    11 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution flaw affecting versions 1.1.0 to 1.6.10. https://t.co/TI9Ac6WbJt

    @securityRSS

    10 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Exploited Vulnerability Impacts Over 80,000 Roundcube Servers Over 85,000 Roundcube webmail servers are vulnerable to a critical RCE flaw (CVE-2025-49113, CVSS 9.9) affecting versions 1.1.0 to 1.6.10. The bug, a PHP Object Injection issue stemming from mishandled variable names,

    @dCypherIO

    10 Jun 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🗞️ Over 84,000 Roundcube webmail instances are vulnerable to a critical remote code execution flaw (CVE-2025-49113), with public exploits circulating and active attacks likely. System admins are urged to patch to versions 1.6.11 or 1.5.10 immediately Key takeaways: 🧵 htt

    @gossy_84

    10 Jun 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. More than 84,000 Roundcube instances exposed to a critical remote code execution (RCE) flaw (CVE-2025-49113) that is being actively exploited. https://t.co/moIuwjwSnp

    @cert_ist

    10 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-49113 - Roundcube - Remote Code Execution

    @ghostbugste

    10 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Over 80,000 Roundcube servers running versions 1.1.0 to 1.6.10 are vulnerable to a critical remote code execution flaw (CVE-2025-49113). Exploitation via brute-force or log extraction poses major risks. 🔓 #Webmail #Vulnerability #UK https://t.co/wEyQ9OfV0C

    @TweetThreatNews

    10 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Roundcube RCE: Dark Web Activity Signals Imminent Attacks (CVE-2025-49113) As digital defense becomes an integral part of the twenty-first-century b https://t.co/r8N4OXxaih https://t.co/901jgwtEPw

    @AegisLens

    10 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 Over 84,000 Roundcube instances at risk due to CVE-2025-49113 RCE vulnerability with public exploit available. Take immediate action. #CyberSecurity #InfoSec https://t.co/uWHt6sQuMM

    @not2cleverdotme

    10 Jun 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 More than 84,000 Roundcube servers are vulnerable to the critical flaw CVE-2025-49113. A public exploit already exists and they are at risk of active exploitation. Updating urgently to version 1.6.11 is recommended. #Roundcube #CVE202549113 #SISAPNews https://t.co/GeP9F

    @SISAP_LATAM

    10 Jun 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. More than 84,000 Roundcube instances vulnerable, at risk of active exploitation (CVE-2025-49113) https://t.co/VF8MSEENtk #Security #セキュリティ #ニュース

    @SecureShield_

    10 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. More than 84,000 Roundcube instances are exposed while vulnerable to the critical remote code execution vulnerability CVE-2025-49113, the Shadowserver Foundation reports. United States (19,500), India (15,500), Germany (13,600), France (3,600), Cana

    @__kokumoto

    9 Jun 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨CVE-2025-49113: Proof of Concept Demonstrating Remote Code Execution Through Insecure Deserialization in Roundcube https://t.co/OgWMg48qD9

    @DarkWebInformer

    9 Jun 2025

    3720 Impressions

    8 Retweets

    28 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  22. Urgent: Roundcube users vulnerable to remote code execution flaw (CVE-2025-49113). Patch now: https://t.co/X7ltthflZi #Cybersecurity #InfoSec #PatchYourSystem

    @threatlight

    9 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. A critical RCE vulnerability in Roundcube webmail, CVE-2025-49113, affects versions 1.1.0 to 1.6.10. It allows attacks via PHP object deserialization, impacting 1.2M instances. A patch was issued on June 1, 2025 https://t.co/xGif7MC4x3 https://t.co/zcVnLZH1OP

    @AlternativeTo

    9 Jun 2025

    357 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  24. Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) https://t.co/wUtVMy2O8Z #HelpNetSecurity #Cybersecurity https://t.co/5OnH2vexDi

    @PoseidonTPA

    9 Jun 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. #cybersecurity https://t.co/Oaz8nmfI3q

    @cybertzar

    9 Jun 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Roundcube RCE: #Darkweb activity signals imminent attacks (CVE-2025-49113): https://t.co/koCwHYc8cq #cyberattacks

    @immuniweb

    9 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. #Roundcube RCE: Dark #web activity signals imminent attacks (#CVE-2025-49113) https://t.co/Ez0WtdlUxP

    @ScyScan

    9 Jun 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. [HelpNet] Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113). With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public,... https://t.co/yt23WyBkrV

    @shah_sheikh

    9 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. For the last few days, we are reporting out Roundcube CVE-2025-49113 vulnerable instances (allows remote code execution by authenticated users). Roundcube vulnerabilities have been frequently used for targeted attacks by possible state actors. We see ~84K unpatched worldwide. ht

    @Shadowserver

    8 Jun 2025

    2832 Impressions

    14 Retweets

    26 Likes

    7 Bookmarks

    1 Reply

    1 Quote

  30. ¡¡WARNING¡¡ CVE-2025-49113-Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.🚨CRITICAL

    @ESFERARED

    8 Jun 2025

    128 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Top 5 Trending CVEs: 1 - CVE-2024-24919 2 - CVE-2025-32756 3 - CVE-2024-6387 4 - CVE-2025-30397 5 - CVE-2025-49113 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Jun 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/qX1bRp3RhS

    @SECURE_TECHS

    7 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. What a wicked CVE-2025-49113 has come out

    @l0ni7_ir

    7 Jun 2025

    430 Impressions

    1 Retweet

    12 Likes

    1 Bookmark

    2 Replies

    0 Quotes

  34. Let's liven things up a bit 🤣 CVE-2025-49113 - Roundcube Remote Code Execution exploit https://t.co/3KX7abBFQB

    @electrocode

    7 Jun 2025

    855 Impressions

    1 Retweet

    19 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  35. Thrilled to join @Tburgeswatson on @AlArabiya_Eng to discuss @FearsOff 's latest critical discovery, CVE-2025-49113, a ground-breaking Roundcube vulnerability reported by our CEO, @k_firsov. This flaw poses significant national security risks, and with the exploit now public, ht

    @mar1hachem

    7 Jun 2025

    145 Impressions

    1 Retweet

    8 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  36. CVE-2025-49113 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the ..https://t.co/Amq8Ti4UOo #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    7 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. why you'd allow 'proc_open' on your webmail client in the first place? (like pretty much every webmail client in existence) CVE-2025-49113 - obv roundcube can run as a unikernel - https://t.co/7R03dCfjHH it's only "weaponized" if you let it

    @nanovms

    7 Jun 2025

    191 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. GitHub - hakaioffsec/CVE-2025-49113-exploit: Proof of Concept demonstrating Remote Code Execution through insecure deserialization in Roundcube (CVE-2025-49113). https://t.co/XAkQdKBRZT

    @akaclandestine

    6 Jun 2025

    1609 Impressions

    9 Retweets

    27 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 We've added a new signature to our Suricata ruleset for the critical vulnerability CVE-2025-49113 in Roundcube, previously reproduced by @ptswarm. This RCE vulnerability potentially exposes millions of hosts worldwide. Update your rules now: https://t.co/Bom73mlzFQ #Suricata

    @AttackDetection

    6 Jun 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Roundcube Risks CVE-2025-49113 vul analysis https://t.co/kvX9t6ymid CVE-2024-42009 https://t.co/GPyhSCFihi https://t.co/quZm7j9sZr

    @blackorbird

    6 Jun 2025

    904 Impressions

    2 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  41. 🚨Alert: Positive Technologies has confirmed the deadly CVE-2025-49113 exploit—authenticated users can run arbitrary commands through PHP object deserialization. Read: https://t.co/QGsfVjdIAS Action: Update Roundcube immediately to the latest version.

    @TheHackersNews

    6 Jun 2025

    9433 Impressions

    19 Retweets

    31 Likes

    3 Bookmarks

    0 Replies

    2 Quotes

  42. CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.. https://t.co/nMsi4hb9g

    @cyber_advising

    6 Jun 2025

    993 Impressions

    3 Retweets

    14 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨 A Critical Vulnerability exists in Roundcube Webmail (CVE-2025-49113). Please see the @ncsc_gov_ie advisory for more info: https://t.co/OHM1O1Dw1E

    @ncsc_gov_ie

    6 Jun 2025

    141 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. An exploit for a critical Roundcube vulnerability has gone on sale. Experts warn that hackers are starting to exploit the fresh vulnerability (CVE-2025-49113)

    @XakepRU

    6 Jun 2025

    545 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  45. Hackers selling critical Roundcube webmail vulnerability, technical details also revealed (CVE-2025-49113) https://t.co/oRd8HnxjyC #Security #セキュリティ #ニュース

    @SecureShield_

    6 Jun 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/QRugMBgAhV

    @TweetThreatNews

    6 Jun 2025

    57 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Here is the popular article for 2025-06-05. (Automated tweet) #Hacker_Trends ――― Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113] https://t.co/2JQjXZCuzG https://t.co/9pwUJTT8xC

    @motikan2010

    6 Jun 2025

    194 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 CVE-2025-49113 - critical 🚨 Roundcube Webmail - Remote Code Execution > Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution ... 👾 https://t.co/ohT0mih1ej @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    6 Jun 2025

    188 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  49. 🚨 CVE-2025-49113 – Authenticated RCE in Roundcube via unsafe deserialization in upload.php (via @FearsOff) PoC-based detection template and full details in comments. https://t.co/W1MG1NbeqM

    @pdnuclei

    5 Jun 2025

    18802 Impressions

    60 Retweets

    255 Likes

    112 Bookmarks

    2 Replies

    0 Quotes

  50. Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. https://t.co/aHd0TFwutV https://t.co/Kv6fCcA5O8

    @ngnicky

    5 Jun 2025

    186 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes