CVE-2025-49113
Published Jun 2, 2025
Last updated 2 months ago
AI description
CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.
- Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: webmail, debian_linux
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Exploit added on: Feb 20, 2026
- Exploit action due: Mar 13, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
🛡️ We added RoundCube Webmail vulnerabilities CVE-2025-49113 & CVE-2025-68461 to our Known Exploited Vulnerabilities Catalog.
@NexusForgeCyber
16 Mar 2026
14 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Deserialization of Untrusted Data Vulnerability in RoundCube Webmail (CVE-2025-49113) RoundCube Webmail has a critical deserialization of untrusted data vulnerability (CWE-502) that allows remote code execution (RCE)
@CiberPlanetaOrg
16 Mar 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 | 42 mentions | Vendors: debian, roundcube | Active Exploitation | debian_linux, webmail | 11[.]0 VulnSocial - your risk exposure provider. https://t.co/S4rp6ysUQi https://t.co/8FZCTFa4R0
@vulnsocial
9 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2025-40538, CVE-2025-49113, CVE-2022-20775 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX
@vulnsocial
7 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 | 42 mentions | Vendors: debian, roundcube | Active Exploitation | debian_linux, webmail | 11[.]0 VulnSocial - your risk exposure provider. https://t.co/S4rp6ysUQi
@vulnsocial
7 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Roundcube: CVE-2025-49113 room on TryHackMe! Exploit CVE-2025-49113 in a lab environment. https://t.co/nETHBhX5I5 #tryhackme via @tryhackme
@ToTo13ru_xakep
4 Mar 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for debian (30 days). Top CVEs: CVE-2011-2523, CVE-2016-5195, CVE-2025-49113 Vendors: debian VulnSocial — your risk exposure provider. #vulnsocial #Debian #CVE #CyberSecurity #VulnerabilityManagement https://t.co/iUn30r73W2
@vulnsocial
3 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV alert 26/02/20: Roundcube vulnerabilities CVE-2025-49113/68461 added https://t.co/FQxWlp7ZYk In Roundcube Webmail, which is widely used as an open-source webmail client, two exploited-in-the-wild …
@iototsecnews
2 Mar 2026
124 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113 and CVE-2025-68461 Added to CISA KEV Catalog CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog; federal agencies must remediate by March 13, 2026. CVE: CVE-2025-49113, CVE… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Critical Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A … https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog CISA added two Roundcube Webmail vulnerabilities to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unkno… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113: Critical RCE Vulnerability in Roundcube Critical RCE vulnerability in Roundcube; patch released. CVE: CVE-2025-49113 • APT: N/A • Status: EXPLOITED Immediate patching required to… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds CVE-2025-49113 to KEV Catalog CISA adds CVE-2025-49113 to KEV Catalog; agencies must remediate by March 13. CVE: CVE-2025-49113 • APT: N/A • Status: ACTIVE Federal agencies must act by… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to CISA's KEV List CISA adds two RoundCube Webmail flaws to KEV list; exploitation by APT28 and Winter Vivern observed. CVE: CVE-2025-49113, CVE-2025-68… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds RoundCube Webmail Vulnerabilities to KEV List CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail pose significant risks. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to KEV List CISA adds two RoundCube flaws to its Known Exploited Vulnerabilities list. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status: ACTIVE… https://t.co/YUrXNPqr4v
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Active Exploitation of RoundCube Webmail Flaws CISA alerts on active exploitation of CVE-2025-49113 and CVE-2025-68461 in RoundCube Web… https://t.co/tUOR2W8DOw
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue amid active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unk… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • Status: ACTIVE Indicates widespread … https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to KEV list due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT34 • Status: ACTIVE Aff… https://t.co/kYM2rfE8Mb
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Actively Exploited Roundcube Webmail Vulnerabilities to KEV Catalog CISA warns of active exploitation of CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail. CVE: CVE-2025-49113, CVE-2025-6… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Roundcube Webmail Flaws to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A • Status: ACTIVE Critical vulnerabili… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Webmail Vulnerabilities to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unknown • Status: ACTIVE Critical v… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on active exploits of patched Roundcube Webmail flaws CVE-2025-49113 & CVE-2025-68461 tied to Winter Vivern and APT28. New AI-assisted Arkanix Stealer targets browsers, wallets, and games. #WinterVivern #ArkanixStealer #USA https://t.co/MoviDe2Gfl
@TweetThreatNews
25 Feb 2026
163 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 Exploited in RoundCube CISA warns of active exploitation of two critical vulnerabilities in RoundCube Webmail. CVE… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail Actively Exploited CISA warns of active exploitation of critical vulnerabilities in RoundCube … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 / CVE-2025-68461 ⚠️ Roundcube Webmail – Actively Exploited RCE & XSS (CISA KEV) CISA has added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue following confirmation of active in-the-wild exploitation targeting Roundcube Webmail. CVE-2025-49
@modat_magnify
24 Feb 2026
115 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Actively Exploited Roundcube Vulnerabilities CISA issues warning on CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail, urging prom… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Updates KEV Catalog with RoundCube Webmail Vulnerabilities CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV catalog amid active exploitation. … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of RoundCube Webmail Exploits CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unspecified ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects webmail services, risking unauthorized access. 🔗 https://t.co
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of Active Exploitation of Roundcube Webmail Vulnerabilities CISA adds two Roundc… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate remediation to prevent expl
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 RoundCube RCE Actively Exploited (CVE-2025-49113) Unauthenticated remote code execution Added to CISA KEV Mass scanning observed within 24h If you're running self-hosted RoundCube ≤1.6.9 and internet-facing — patch immediately. Tactical breakdown + mitigation steps: http
@ByteVanguardSec
24 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Actively Exploited RoundCube Webmail Vulnerabilities CISA alerts on CVE-2… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Immediate patching required to prevent exploitatio
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Active Exploitation of Roundcube Vulnerabilities CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate patching to prevent unauthorize
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Roundcube Webmail Vulnerabilities CISA issues warning … 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Exploitation for Privilege Escalation ⚔️ Requires immediate patching to preven
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA adds CVE-2025-4… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ Active expl
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: Roundcube webmail flaws CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited Authenticated attackers can execute code #OpChildSafe: Patch Roundcube IMMEDIATELY Weak email =open door for ransomware & data theft Protect the vulnerable 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
184 Impressions
5 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and BeyondTrust CVE-2026-1731 exploited in ransomware attacks delivering SparkRAT and VShell. PayPal and FICOBA breaches affect millions. AI and quantum security make progress. #BeyondTrust #PayPal https://t.co/fND6z5Jb1x
@TweetThreatNews
23 Feb 2026
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects widespread webmail service. 🔗 https://t.co/bzdGek9pqI
@MysocAi
23 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added two Roundcube webmail vulnerabilities to its KEV catalog due to active exploitation. CVE-2025-49113 (CVSS 9.9) allows remote code execution via an unvalidated URL parameter and was reported by FearsOff's Kirill Firsov. https://t.co/QKlBd3Uyyy
@securityRSS
23 Feb 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Emphasizes urgency in patching webmail systems. 🔗
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [CRITICAL] CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog … 🔴 CVE-2025-49113 ✅ Patch systems within three weeks. 🔗 https://t.co/h6KfxDWDG8 #CyberSecurity #ThreatIntel #S
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [CRITICAL] CISA Orders Feds to Patch Actively Exploited Dell Flaw Within 3 Days … 🔴 CVE-2025-49113 ✅ Apply the patch immediately. 🔗 https://t.co/pu8Vv4yQ46 #CyberSecurity #ThreatIn
@MysocAi
23 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [HIGH] CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog … 🔴 CVE-2025-49113 ✅ Patch systems by March 14, 2026. 🔗 https://t.co/h6KfxDWDG8 #CyberSecurity #ThreatIntel #SOC #m
@MysocAi
23 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reports active exploits targeting Roundcube Webmail flaws CVE-2025-49113 and CVE-2025-68461, with over 84,000 exposed instances. Federal agencies must patch by March 13 under BOD 22-01. #RoundcubeFlaws #U.S. #APT28 https://t.co/rLDdNV1cYq
@TweetThreatNews
23 Feb 2026
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube faces two exploited vulnerabilities (CVE-2025-49113 and CVE-2025-68461). Immediate parking and hardening of access to webmail. Tens of thousands of exposed installations underline the urgency... #cybersecurite #vulnerabilite https://t.co/g5qFMFQstN
@radarbytes_fr
23 Feb 2026
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube confronts two exploited vulnerabilities (CVE-2025-49113 and CVE-2025-68461). Immediate parking spaces and hardening of access to webmail. Tens of thousands of facilities that the urgency... #cybersicherheit #schwachstellen #malware https://t.co/E3AfPaev7i
@radarbytes_de
23 Feb 2026
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2026: CISA adds Roundcube webmail flaws to KEV -CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited. Auth attackers can run code. #OpChildSafe: Update Roundcube NOW -weak email = gateway for ransomware/CSAM Hospitals & clinics: patch urgent! 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited Roundcube Flaws to KEV: Patch CVE-2025-49113 RCE + CVE-2025-68461 XSS Now CISA added two Roundcube webmail issues to the KEV catalog after active exploitation evidence: CVE-2025-49113 (critical post-auth PHP object deserialization leading to
@ThreatSynop
23 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert - Roundcube CISA added two actively exploited flaws to KEV: CVE-2025-49113 (CVSS 9.9, Auth RCE) CVE-2025-68461 (CVSS 7.2, XSS) Patch immediately and review exposure. #CyberSecurity #Roundcube #KEV #PatchNow https://t.co/g20CB2ZqpF
@CloneSystemsInc
23 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AAD2AF8E-DC67-45E3-ABC2-872B771C88C5",
            "versionEndExcluding": "1.5.10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5DA16DB4-CE88-4E84-BBD6-2A749FFDA43D",
            "versionEndExcluding": "1.6.11",
            "versionStartIncluding": "1.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]