CVE-2025-49113

CVE-2025-49113 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the ..https://t.co/Amq8Ti4UOo #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

why you'd allow 'proc_open' on your webmail client in the first place? (like pretty much every webmail client in existence) CVE-2025-49113 - obv roundcube can run as a unikernel - https://t.co/7R03dCfjHH it's only "weaponized" if you let it

🚨 We've added a new signature to our Suricata ruleset for the critical vulnerability CVE-2025-49113 in Roundcube, previously reproduced by @ptswarm. This RCE vulnerability potentially exposes millions of hosts worldwide. Update your rules now: https://t.co/Bom73mlzFQ #Suricata

Roundcube Risks CVE-2025-49113 vul analysis https://t.co/kvX9t6ymid CVE-2024-42009 https://t.co/GPyhSCFihi https://t.co/quZm7j9sZr

🚨Alert: Positive Technologies has confirmed the deadly CVE-2025-49113 exploit—authenticated users can run arbitrary commands through PHP object deserialization. Read: https://t.co/QGsfVjdIAS Action: Update Roundcube immediately to the latest version.

CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.. https://t.co/nMsi4hb9g

🚨 A Critical Vulnerability exists in Roundcube Webmail (CVE-2025-49113). Please see the @ncsc_gov_ie advisory for more info: https://t.co/OHM1O1Dw1E

В продаже появился эксплоит для критической уязвимости в Roundcube Эксперты предупреждают, что хакеры начинают эксплуатировать свежую уязвимость (CVE-2025-49113)

ハッカーがRoundcubeウェブメールの致命的な脆弱性を販売、技術情報も明らかに(CVE-2025-49113) https://t.co/oRd8HnxjyC #Security #セキュリティ #ニュース

Hackers are exploiting CVE-2025-49113, a critical vulnerability in Roundcube versions 1.1.0-1.6.10, enabling remote code execution. Exploits are being sold quickly after reveal. Stay alert! 🔒 #Email #Hacking #Australia https://t.co/QRugMBgAhV

2025-06-05 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113] https://t.co/2JQjXZCuzG https://t.co/9pwUJTT8xC

🚨 CVE-2025-49113 - critical 🚨 Roundcube Webmail - Remote Code Execution > Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution ... 👾 https://t.co/ohT0mih1ej @pdnuclei #NucleiTemplates #cve

🚨 CVE-2025-49113 – Authenticated RCE in Roundcube via unsafe deserialization in upload.php (via @FearsOff) PoC-based detection template and full details in comments. https://t.co/W1MG1NbeqM

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. https://t.co/aHd0TFwutV https://t.co/Kv6fCcA5O8

CVE-2025-49113, a critical vulnerability in Roundcube webmail affecting versions 1.1.0 to 1.6.10, allows remote code execution. Exploitation is occurring rapidly following a patch, with exploits available on hacker forums. #Security https://t.co/6cJQuVTS2P

🚨 Critical Webmail Threat: #CVE-2025-49113 Exploitation in Roundcube Webmail Goes Live https://t.co/N3mZZ36MdR

A critical vulnerability (CVE-2025-49113) in the widely used Roundcube webmail application is now being exploited by hackers, allowing for remote execution. Stay informed about this significant threat and the implications it carries. Read more: https://t.co/ECTwFsF70T

Roundcube ≤ 1.6.10 Post-Auth RCE CVE-2025-49113 https://t.co/eRFsIIYVvp

📌 Critical flaw in Roundcube webmail software, undetected for 10 years, allows attackers to execute arbitrary code. CVE-2025-49113 scores 9.9 on CVSS. #CyberSecurity #Roundcube https://t.co/NcMLamOand https://t.co/NThZpNB841

CVE-2025-49113 is a fascinating PHP Object injection in Roundcube webmail, a really nice find by the original finder. #roundcube #cve-2025-49113 #rce https://t.co/skfnfvDbaA

My research on CVE-2025-49113 is out. https://t.co/kuLczCSv6V. Happy reading! #CVE #roundcube #poc @FearsOff https://t.co/p59xHaDo7S

Olm CVE-2025-49113 nasıl object deserialization büyücü müsünüz ya https://t.co/VEkXFjy496

Critical 10-Year-Old Roundcube Webmail Vulnerability Allows Authenticated Users to Execute Malicious Code CVE-2025-49113 (CVSS 9.9), a critical flaw in Roundcube webmail allows authenticated users to execute arbitrary code via PHP object deserialization. The vulnerability, https

⚠️Vulnerabilidad en el correo web de Roundcube ❗CVE-2025-49113 ➡️Más info: https://t.co/wuQEktyYnI https://t.co/f5xUYjZPSq

NIST je 2.6. 2025 izdal obvestilo o kritični ranljivosti CVE-2025-49113 sistema Roundcube Webmail. Proof-of-concept koda za izrabo ranljivosti je že javno objavljena, zato svetujemo takojšnje ukrepanje. https://t.co/CHrpCX2ZS2 https://t.co/WruuW41WOt

The exploit for CVE-2025-49113 is already available for sale on the dark web. I feel sorry for anyone who hasn’t upgraded to the newest version yet. Doomsday is coming, believe me. #roundcube #CVE @FearsOff https://t.co/znwBUUU3Rg

🚨 CVE Alert: Critical Roundcube Webmail Remote Code Execution Vulnerability🚨 Vulnerability Details: CVE-2025-49113 (CVSS 9.9/10) Roundcube Webmail Remote Code Execution Vulnerability Impact: A successful exploit may allow authenticated users can potentially execute arbitr

Roundcube Webmail、認証ユーザーによる悪意のあるコード実行を許す10年以上の重大なバグ発見(CVE-2025-49113) https://t.co/JZPpWXSH4P #Security #セキュリティ #ニュース

I've created a script to detect CVE-2025-49113 based on versions exposed in the html body: https://t.co/wmWVLbjaUL Use at your own risk. https://t.co/qic5IdtURR

A critical vulnerability in Roundcube, CVE-2025-49113, allows authenticated users to execute malicious code due to insecure _from parameter validation. Fixes released in versions 1.6.11 & 1.5.10 LTS. 🚨 #Webmail #Security #UK https://t.co/ToTwoL9sCB

⚠️ We’ve reproduced CVE-2025-49113 in Roundcube. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. If you're running Roundcube — update immediately! https://t.co/iv3L56TRUB

If you’re using cPanel, Plesk, ISPConfig, or DirectAdmin, you’re likely in the line of fire for CVE-2025-49113 – all of them bundle Roundcube by default. If your server/website exposes any of these ports: 2083, 2086, 2087, or 2096, you’re vulnerable. #CVE #roundcube @Fear

🚨 A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system. Nation-state groups like APT28 have already exploited Roundcube before. 🔗 Read: https://t.co/BMAtVUugBR... https://t.co/WQ4wVEqrVx

🚨 A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system. Nation-state groups like APT28 have already exploited Roundcube before. 🔗 Read: https://t.co/QGsfVjdaLk 🔧 Patch to 1.6.11 or 1.5.10 LTS now. 📌 PoC coming

CVE-2025-49113: RCE in Roundcube Webmail, 9.9 rating 🔥 Vuln in Roundcube allows attackers to perform RCE due to the lack of validation of the _from parameter. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/cqoQWhjF3E #cybersecurity #vulnerability_map https://t.c

⚠️ Critical Roundcube Vulnerability Enables Remote Code Execution via Deserialization Flaw 💻A newly discovered flaw (CVE-2025-49113) in Roundcube Webmail allows authenticated users to execute arbitrary code via an unvalidated `_from` parameter. Affected versions must be

CVE-2025-49113 Remote Code Execution in Roundcube Webmail via Unsafe Parameter Deserialization https://t.co/ctsS5iPRKh

CVE-2025-49113 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in p… https://t.co/YzlXsBuEpB

[CVE-2025-49113: CRITICAL] Vulnerability in Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11 could allow authenticated users to execute remote code due to improper validation of the _from par...#cve,CVE-2025-49113,#cybersecurity https://t.co/VXYEaiQIck https://t.c