CVE-2025-49113

Published Jun 2, 2025

Last updated a month ago

CVSS critical 9.9
Roundcube Webmail

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.

Description
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Source
cve@mitre.org
NVD status
Analyzed
Products
webmail, debian_linux

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-502

Social media

Hype score
Not currently trending
  1. I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/fmfvnJPGOC #tryhackme via @tryhackme

    @JVW1001

    20 Jan 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Day 76 of #100DaysOfCybersecurity🛡️ Roundcube CVE-2025-49113 lab completed ✅ Analyzed an insecure deserialization flaw in Roundcube Webmail leading to authenticated remote code execution. Fix 🔐 Upgrade to 1.5.10 or 1.6.11. If patching is blocked, restrict upload.php

    @HezyChacha

    28 Dec 2025

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/8g6CJQojS2 #tryhackme via @tryhackme

    @HezyChacha

    28 Dec 2025

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2025-68461 + CVE-2025-49113 Exploit chain, From XSS to RCE via malicious SVG file In Roundcube Webmail. Turning post auth RCE into a 1 Click RCE: https://t.co/MD8luRLsK1 #BugBounty #RedTeam #PenetrationTesting #Infosec #CyberSecurity https://t.co/hWWSjydlbe

    @ptestsec

    23 Dec 2025

    214 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. EMAIL ARMAGEDDON: Decade-Old Roundcube 0-Day (CVE-2025-49113) Grants Full Server Control—84,000 Systems Vulnerable Read the full report on - https://t.co/TiaPya8hiJ https://t.co/W1rJQrdyqT

    @cyberbivash

    19 Dec 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. I just remembered why I don't like THM. (¬`‸´¬) Even the easier HTB machines/challenges feel way more informative and useful. (ง'̀-'́)ง This is my last THM room (except AoC). ( •̀⤙•́ ) Exploit CVE-2025-49113 in a lab environment. https://t.co/6WNS4HTZnT

    @idapproved

    29 Nov 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. New HackTheBox video!!! Roundcube RCE (CVE-2025-49113) to foothold, then exploiting Below monitoring tool (CVE-2025-27591) symlink vulnerability for root. Watch on YT: https://t.co/jeOrhwsSIk #HackTheBox #OSCP #CVE202549113 #CVE202527591 #Pentesting #Linux https://t.co/am0r3922b

    @Strikoder

    22 Nov 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Critical Remote Code Execution (RCE) in Roundcube, CVE-2025-49113: Your Email is Not Safe! 53 million hosts at risk! https://t.co/t6mRtvwXrh @three_cube https://t.co/kDDMkNIGi1

    @_aircorridor

    6 Nov 2025

    203 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. Your Email is Not Safe! A critical Remote Code Execution vulnerability (CVE-2025-49113) in Roundcube puts over 53 million hosts at risk. https://t.co/q4K6DKbAgt @three_cube @_aircorridor https://t.co/si3DhDkc1Q

    @DI0256

    29 Oct 2025

    930 Impressions

    2 Retweets

    3 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  10. I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/NWeXnMrMNv #tryhackme via @realtryhackme

    @aySahinay

    10 Oct 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-49113: Roundcube Post-Auth Remote Code Execution (RCE) The issue arises from the _from parameter in program/actions/settings/upload.php not being properly validated, allowing PHP Object Deserialization attacks. https://t.co/8kTjMHBxsX #BugBounty #roundcube

    @NullSecurityX

    23 Sept 2025

    516 Impressions

    1 Retweet

    15 Likes

    1 Bookmark

    3 Replies

    0 Quotes

  12. Lab OutBound HackTheBox Walkthrough: exploiting a vulnerability present in Webmail version 1.6.10, vulnerability cve-2025-49113. Note: the exploit is not available in the metasploit tool in the new update; you have to exploit it with a php script after the

    @mr0xlord

    23 Sept 2025

    4023 Impressions

    1 Retweet

    77 Likes

    45 Bookmarks

    2 Replies

    0 Quotes

  13. I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/WXbt161VBv #tryhackme from @realtryhackme

    @GuanShanZhe

    15 Sept 2025

    30 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. CVE-2025-49113 – Roundcube Webmail RCE Exploit https://t.co/lR0CgEPuUU… https://t.co/dzr85sAHQy

    @sirjameshackz

    2 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-49113 – Roundcube Post-Auth RCE POST /upload.php _from=O:8:"Exploit":1:{s:4:"code";s:13:"system('id');";} Details: https://t.co/8kTjMHBxsX #BugBounty #CyberSecurity #roundcube

    @NullSecurityX

    2 Sept 2025

    4896 Impressions

    23 Retweets

    124 Likes

    54 Bookmarks

    0 Replies

    0 Quotes

  16. I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/ErpnMc6HS6 #tryhackme via @realtryhackme

    @Bharatsharma_96

    25 Aug 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-49113 - Roundcube Remote Code Execution: Proof of Concept Remote Code Execution through insecure deserialization in Roundcube. GitHub: https://t.co/hwtMuBPLt8 https://t.co/KhqgKdBbsZ

    @DarkWebInformer

    19 Aug 2025

    4043 Impressions

    6 Retweets

    24 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  18. Small exploitable RCE CVE-2025-49113 - Roundcube mail server https://t.co/5Dj6XLyciy

    @HaboubiAnis

    15 Aug 2025

    232 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/ws8i4KfZsq #tryhackme via @realtryhackme https://t.co/yruskmMU07

    @yoCarlo_Magno

    15 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A POC exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail. Full exploit here- https://t.co/FVC2avM6Am https://t.co/porqYKGfVJ

    @Advik_Kant

    14 Aug 2025

    3740 Impressions

    13 Retweets

    76 Likes

    38 Bookmarks

    1 Reply

    0 Quotes

  21. CVE-2025-49113 * Roundcube ≤ 1.6.10 Post-Auth RCE * ALL in ONE (roundcube in docker + POC) https://t.co/DB1LkC78V8 https://t.co/36IS64PN4N

    @HackingTeam777

    6 Aug 2025

    999 Impressions

    4 Retweets

    15 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Critical Alert! Roundcube ≤ 1.6.10 has a post-auth RCE flaw via PHP object deserialization (CVE-2025-49113). Using Roundcube? Check your version & update ASAP! Details 👉https://t.co/bsTGGxnx9F #infosec #cybersecurity #RCE #Roundcube #emailsecurity

    @wesley974

    4 Aug 2025

    125 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. ⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE

    @ptdbugs

    1 Aug 2025

    160 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  24. CVE-2025-49113: The decade-old RCE hiding in plain sight! 53 million hosts at risk from critical Roundcube vulnerability. https://t.co/t6mRtvxvgP @three_cube https://t.co/Q1g9oSliMh

    @_aircorridor

    31 Jul 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Outbound lab, I used two vulnerabilities: CVE-2025-49113: an RCE vulnerability in Roundcube that executes commands after login by uploading a malicious PHP object. CVE-2025-27591: a privilege vulnerability; we link the log file to /etc/passwd and add a root user with

    @0xsb3lr

    29 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 Your email isn't safe again. A critical RCE vulnerability in Roundcube (CVE-2025-49113) is making the rounds. If you're using this open-source webmail client, it’s time to patch or perish. Here's what you must know🧵👇 #CyberSecurity #InfoSec #CVE202549113 https://t

    @justproton

    26 Jul 2025

    274 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    1 Quote

  27. CVE-2025-49113 – Roundcube Webmail RCE Exploit https://t.co/tR5pyJwGD6 https://t.co/dS17s6pl0m

    @cyber_advising

    21 Jul 2025

    10312 Impressions

    48 Retweets

    186 Likes

    101 Bookmarks

    2 Replies

    0 Quotes

  28. RCE in Roundcube (CVE-2025-49113): 10 years in the code, public exploit since June 5, real attacks confirmed. Patch now! #Roundcube #FearsOff ➡️ https://t.co/Iwrf5tJ0rs https://t.co/579eDF6fW8

    @leonov_av

    21 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. #𝒜𝔫𝑜𝔫𝒚𝔪𝑜𝖚𝙨 #FuckIsrael #FreePalestine #OpIsrael #FreeGaza #StopGenocideOfPalestinians Israel webmail servers is Ꮒ𝘢𝔠𝕜𝖊𝕕 Ƅ𝒚 𝕜𝕣𝑜𝕜𝖊𝕥𝖊𝘢𝙨𝒊𝔫𝕘, CVE-2025-49113 is a critical vulnerability affecting

    @Lulz_BinBash

    13 Jul 2025

    154 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  30. CVE-2025-49113 https://t.co/yqNuZLefAL

    @Dwaynejohn000

    12 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    9 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    28 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. Just published a write-up on CVE-2025-49113 – a critical authenticated RCE in Roundcube Webmail. https://t.co/aMG5AiyezC #RedTeam #CVE2025_49113 #TryHackMe

    @z41b1337

    27 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Ready to tackle another legendary CVE? 💥 Just added to Hackviser Labs: A hands-on lab for Roundcube ≤ 1.6.10 Post-Auth RCE (CVE-2025-49113) 🚀 Perfect for security professionals and enthusiasts looking to understand and practice with real-world vulnerabilities 💪 Che

    @hackviserr

    26 Jun 2025

    146 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-49113 https://t.co/ExTddikABq

    @4osp3l

    24 Jun 2025

    26527 Impressions

    111 Retweets

    840 Likes

    521 Bookmarks

    6 Replies

    0 Quotes

  36. CVE-2025-49113-Scanner – Security Advisory 🔍 Description: Critical RCE vulnerability in certain web services. This tool checks and exploits the issue automatically. 🛠️ Exploitation Script: https://t.co/DWqjMEvHdg https://t.co/pWwd1aHwor

    @issam_juniorx

    23 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🦜🐻‍❄️🐱YouTube video walk through for TryHackMe Roundcube: CVE-2025-49113 🦊🐥CVE-2025-49113 is a Post-Authentication Remote Code Execution (RCE) vulnerability in Roundcube webmail (versions ≤ 1.6.10) caused by unsafe PHP object deserialization. Video link i

    @DjalilAyed

    23 Jun 2025

    77 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    23 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. Getting hands on with CVE-2025-49113. https://t.co/Xo5cRCzrcm #tryhackme via @realtryhackme

    @J3CHxP

    22 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    22 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    21 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    21 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    19 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. Actively exploited CVE : CVE-2025-49113

    @transilienceai

    19 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. 🚨CVE-2025-49113, #Roundcube webmail #RCE vulnerability! Remote code execution with just an email subject line⚠️ A backdoor may be installed through remote commands from a malicious email. 🔍56,000

    @CriminalIP_JP

    19 Jun 2025

    22 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

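  46. 🚨CVE-2025-49113, #Roundcube webmail #RCE vulnerability! Remote code execution with just an email subject line⚠️ If you receive a malicious email, a backdoor can be installed through the attacker's remote commands. 🔍Check the roughly 56,000 externally exposed instances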

    @CriminalIP_KR

    19 Jun 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Rolled out a general update across all maintained servers, our own and third-party, to bring them to #RoundCube 1.6.11 and fix the critical flaw CVE-2025-49113: https://t.co/1eqGonUsVh

    @ASPLhosting

    18 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. TryHackMe | Roundcube: CVE-2025-49113 | WriteUp https://t.co/bkp3artOUm

    @sn0optsz

    18 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Day 15: Analyzed CVE-2025-49113 - CRITICAL RCE in Roundcube Webmail! CVSS: 9.9/10 | EPSS: 73.08% | 84K+ vulnerable installs Article link : https://t.co/kW9KNHYAjz #LSPPDay15 #60DaysOfLearning2025 #LearningWithLeapfrog @lftechnology

    @itsdavidmandal

    17 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Roundcube hit by critical zero-day as hackers sell exploit for CVE-2025-49113, enabling remote code execution in popular webmail platform. #CyberSecurity #ZeroDay #RoundcubeExploit https://t.co/6DG63LLywc

    @CyberSecTV_eu

    17 Jun 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations