CVE-2025-49113
Published Jun 2, 2025
Last updated 11 days ago
- Description
- Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- webmail, debian_linux
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Feb 20, 2026
- Exploit action due
- Mar 13, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
I just completed Roundcube: CVE-2025-49113 room on TryHackMe! Exploit CVE-2025-49113 in a lab environment. https://t.co/nETHBhX5I5 #tryhackme via @tryhackme
@ToTo13ru_xakep
4 Mar 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for debian (30 days). Top CVEs: CVE-2011-2523, CVE-2016-5195, CVE-2025-49113 Vendors: debian VulnSocial — your risk exposure provider. #vulnsocial #Debian #CVE #CyberSecurity #VulnerabilityManagement https://t.co/iUn30r73W2
@vulnsocial
3 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV 警告 26/02/20: Roundcube の脆弱性 CVE-2025-49113/68461 を登録 https://t.co/FQxWlp7ZYk オープンソースの Web メール・クライアントとして普及している Roundcube Webmail において、実環境での悪用が確認された 2 件の深
@iototsecnews
2 Mar 2026
124 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113 and CVE-2025-68461 Added to CISA KEV Catalog CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog; federal agencies must remediate by March 13, 2026. CVE: CVE-2025-49113, CVE… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Critical Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A … https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog CISA added two Roundcube Webmail vulnerabilities to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unkno… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113: Critical RCE Vulnerability in Roundcube Critical RCE vulnerability in Roundcube; patch released. CVE: CVE-2025-49113 • APT: N/A • Status: EXPLOITED Immediate patching required to… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds CVE-2025-49113 to KEV Catalog CISA adds CVE-2025-49113 to KEV Catalog; agencies must remediate by March 13. CVE: CVE-2025-49113 • APT: N/A • Status: ACTIVE Federal agencies must act by… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to CISA's KEV List CISA adds two RoundCube Webmail flaws to KEV list; exploitation by APT28 and Winter Vivern observed. CVE: CVE-2025-49113, CVE-2025-68… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds RoundCube Webmail Vulnerabilities to KEV List CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail pose significant risks. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to KEV List CISA adds two RoundCube flaws to its Known Exploited Vulnerabilities list. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status: ACTIVE… https://t.co/YUrXNPqr4v
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Active Exploitation of RoundCube Webmail Flaws CISA alerts on active exploitation of CVE-2025-49113 and CVE-2025-68461 in RoundCube Web… https://t.co/tUOR2W8DOw
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue amid active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unk… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • Status: ACTIVE Indicates widespread … https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to KEV list due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT34 • Status: ACTIVE Aff… https://t.co/kYM2rfE8Mb
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Actively Exploited Roundcube Webmail Vulnerabilities to KEV Catalog CISA warns of active exploitation of CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail. CVE: CVE-2025-49113, CVE-2025-6… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Roundcube Webmail Flaws to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A • Status: ACTIVE Critical vulnerabili… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Webmail Vulnerabilities to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unknown • Status: ACTIVE Critical v… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on active exploits of patched Roundcube Webmail flaws CVE-2025-49113 & CVE-2025-68461 tied to Winter Vivern and APT28. New AI-assisted Arkanix Stealer targets browsers, wallets, and games. #WinterVivern #ArkanixStealer #USA https://t.co/MoviDe2Gfl
@TweetThreatNews
25 Feb 2026
163 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 Exploited in RoundCube CISA warns of active exploitation of two critical vulnerabilities in RoundCube Webmail. CVE… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail Actively Exploited CISA warns of active exploitation of critical vulnerabilities in RoundCube … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 / CVE-2025-68461 ⚠️ Roundcube Webmail – Actively Exploited RCE & XSS (CISA KEV) CISA has added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue following confirmation of active in-the-wild exploitation targeting Roundcube Webmail. CVE-2025-49
@modat_magnify
24 Feb 2026
115 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Actively Exploited Roundcube Vulnerabilities CISA issues warning on CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail, urging prom… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Updates KEV Catalog with RoundCube Webmail Vulnerabilities CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV catalog amid active exploitation. … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of RoundCube Webmail Exploits CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unspecified ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects webmail services, risking unauthorized access. 🔗 https://t.co
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of Active Exploitation of Roundcube Webmail Vulnerabilities CISA adds two Roundc… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate remediation to prevent expl
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 RoundCube RCE Actively Exploited (CVE-2025-49113) Unauthenticated remote code execution Added to CISA KEV Mass scanning observed within 24h If you're running self-hosted RoundCube ≤1.6.9 and internet-facing — patch immediately. Tactical breakdown + mitigation steps: http
@ByteVanguardSec
24 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Actively Exploited RoundCube Webmail Vulnerabilities CISA alerts on CVE-2… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Immediate patching required to prevent exploitatio
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Active Exploitation of Roundcube Vulnerabilities CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate patching to prevent unauthorize
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Roundcube Webmail Vulnerabilities CISA issues warning … 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Exploitation for Privilege Escalation ⚔️ Requires immediate patching to preven
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA adds CVE-2025-4… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ Active expl
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: Roundcube webmail flaws CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited Authenticated attackers can execute code #OpChildSafe: Patch Roundcube IMMEDIATELY Weak email =open door for ransomware & data theft Protect the vulnerable 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
184 Impressions
5 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and BeyondTrust CVE-2026-1731 exploited in ransomware attacks delivering SparkRAT and VShell. PayPal and FICOBA breaches affect millions. AI and quantum security make progress. #BeyondTrust #PayPal https://t.co/fND6z5Jb1x
@TweetThreatNews
23 Feb 2026
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects widespread webmail service. 🔗 https://t.co/bzdGek9pqI
@MysocAi
23 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added two Roundcube webmail vulnerabilities to its KEV catalog due to active exploitation. CVE-2025-49113 (CVSS 9.9) allows remote code execution via an unvalidated URL parameter and was reported by FearsOff's Kirill Firsov. https://t.co/QKlBd3Uyyy
@securityRSS
23 Feb 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Emphasizes urgency in patching webmail systems. 🔗
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [CRITICAL] CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog … 🔴 CVE-2025-49113 ✅ Patch systems within three weeks. 🔗 https://t.co/h6KfxDWDG8 #CyberSecurity #ThreatIntel #S
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [CRITICAL] CISA Orders Feds to Patch Actively Exploited Dell Flaw Within 3 Days … 🔴 CVE-2025-49113 ✅ Apply the patch immediately. 🔗 https://t.co/pu8Vv4yQ46 #CyberSecurity #ThreatIn
@MysocAi
23 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 [HIGH] CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog … 🔴 CVE-2025-49113 ✅ Patch systems by March 14, 2026. 🔗 https://t.co/h6KfxDWDG8 #CyberSecurity #ThreatIntel #SOC #m
@MysocAi
23 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reports active exploits targeting Roundcube Webmail flaws CVE-2025-49113 and CVE-2025-68461, with over 84,000 exposed instances. Federal agencies must patch by March 13 under BOD 22-01. #RoundcubeFlaws #U.S. #APT28 https://t.co/rLDdNV1cYq
@TweetThreatNews
23 Feb 2026
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube fait face à deux vulnérabilités exploitées (CVE-2025-49113 et CVE-2025-68461). Parking immédiat et durcissement de l'accès au webmail. Des dizaines de milliers d'installations exposées soulignent l'urgence... #cybersecurite #vulnerabilite https://t.co/g5qFMFQstN
@radarbytes_fr
23 Feb 2026
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube konfrontiert zwei ausgebeutete Schwachstellen (CVE-2025-49113 und CVE-2025-68461). Sofortige Parkplätze und Aushärtung des Zugangs zu Webmail. Zehntausende von Einrichtungen, die der Dringlichkeit... #cybersicherheit #schwachstellen #malware https://t.co/E3AfPaev7i
@radarbytes_de
23 Feb 2026
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2026: CISA adds Roundcube webmail flaws to KEV -CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited. Auth attackers can run code. #OpChildSafe: Update Roundcube NOW -weak email = gateway for ransomware/CSAM Hospitals & clinics: patch urgent! 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited Roundcube Flaws to KEV: Patch CVE-2025-49113 RCE + CVE-2025-68461 XSS Now CISA added two Roundcube webmail issues to the KEV catalog after active exploitation evidence: CVE-2025-49113 (critical post-auth PHP object deserialization leading to
@ThreatSynop
23 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert - Roundcube CISA added two actively exploited flaws to KEV: CVE-2025-49113 (CVSS 9.9, Auth RCE) CVE-2025-68461 (CVSS 7.2, XSS) Patch immediately and review exposure. #CyberSecurity #Roundcube #KEV #PatchNow https://t.co/g20CB2ZqpF
@CloneSystemsInc
23 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA: Roundcube Webmail Flaws Now Actively Exploited — Patch CVE-2025-49113 (RCE) and CVE-2025-68461 (XSS) by March 13 CISA added two Roundcube bugs to KEV after evidence of active exploitation: CVE-2025-49113 (critical RCE via deserialization) and CVE-2025-68461
@ThreatSynop
23 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube webmail flaws CVE-2025-49113 exploited. Active attacks on mail servers.
@Anonymous_Tech7
23 Feb 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds two Roundcube webmail flaws to KEV: CVE-2025-49113 (score 9.9), a deserialization flaw allowing remote code execution, actively exploited. Stay alert. https://t.co/fmOVFM8k9c
@technoholic_me
23 Feb 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Roundcube webmail flaws CVE-2025-49113 exploited. Impact: unauthorized access, data theft.
@Anonymous_Tech7
22 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active exploits surge with critical vulnerabilities in Roundcube CVE-2025-49113/68461 and BeyondTrust CVE-2026-1731 enabling SparkRAT, VShell, and more. ATM jackpotting, PayPal & FICOBA breaches also reported. #Roundcube #ATMJackpot #USA https://t.co/nsNtgjFzgH
@TweetThreatNews
22 Feb 2026
128 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD2AF8E-DC67-45E3-ABC2-872B771C88C5",
"versionEndExcluding": "1.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA16DB4-CE88-4E84-BBD6-2A749FFDA43D",
"versionEndExcluding": "1.6.11",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]