AI description
CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.
- Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the `_from` parameter in a URL is not validated in `program/actions/settings/upload.php`, leading to PHP Object Deserialization.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org: CWE-502
- Hype score: Not currently trending
CVE-2025-49113 – Roundcube Webmail RCE Exploit https://t.co/lR0CgEPuUU… https://t.co/dzr85sAHQy
@sirjameshackz
2 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 – Roundcube Post-Auth RCE POST /upload.php _from=O:8:"Exploit":1:{s:4:"code";s:13:"system('id');";} Details: https://t.co/8kTjMHBxsX #BugBounty #CyberSecurity #roundcube
@NullSecurityX
2 Sept 2025
4896 Impressions
23 Retweets
124 Likes
54 Bookmarks
0 Replies
0 Quotes
I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/ErpnMc6HS6 #tryhackme via @realtryhackme
@Bharatsharma_96
25 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 - Roundcube Remote Code Execution: Proof of Concept Remote Code Execution through insecure deserialization in Roundcube. GitHub: https://t.co/hwtMuBPLt8 https://t.co/KhqgKdBbsZ
@DarkWebInformer
19 Aug 2025
4043 Impressions
6 Retweets
24 Likes
11 Bookmarks
1 Reply
0 Quotes
Small exploitable RCE: CVE-2025-49113 - Roundcube mail server https://t.co/5Dj6XLyciy
@HaboubiAnis
15 Aug 2025
232 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
I just completed Roundcube: CVE-2025-49113 room on TryHackMe. Exploit CVE-2025-49113 in a lab environment. https://t.co/ws8i4KfZsq #tryhackme via @realtryhackme https://t.co/yruskmMU07
@yoCarlo_Magno
15 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A POC exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail. Full exploit here- https://t.co/FVC2avM6Am https://t.co/porqYKGfVJ
@Advik_Kant
14 Aug 2025
3740 Impressions
13 Retweets
76 Likes
38 Bookmarks
1 Reply
0 Quotes
CVE-2025-49113 * Roundcube ≤ 1.6.10 Post-Auth RCE * ALL in ONE (roundcube in docker + POC) https://t.co/DB1LkC78V8 https://t.co/36IS64PN4N
@HackingTeam777
6 Aug 2025
999 Impressions
4 Retweets
15 Likes
7 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert! Roundcube ≤ 1.6.10 has a post-auth RCE flaw via PHP object deserialization (CVE-2025-49113). Using Roundcube? Check your version & update ASAP! Details 👉https://t.co/bsTGGxnx9F #infosec #cybersecurity #RCE #Roundcube #emailsecurity
@wesley974
4 Aug 2025
125 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-49113: The decade-old RCE hiding in plain sight! 53 million hosts at risk from critical Roundcube vulnerability. https://t.co/t6mRtvxvgP @three_cube https://t.co/Q1g9oSliMh
@_aircorridor
31 Jul 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Outbound lab: I used two vulnerabilities: CVE-2025-49113: an RCE vulnerability in Roundcube that executes commands after login by uploading a malicious PHP object. CVE-2025-27591: a privilege vulnerability; we link the log file to /etc/passwd and add a root user with
@0xsb3lr
29 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Your email isn't safe again. A critical RCE vulnerability in Roundcube (CVE-2025-49113) is making the rounds. If you're using this open-source webmail client, it’s time to patch or perish. Here's what you must know🧵👇 #CyberSecurity #InfoSec #CVE202549113 https://t
@justproton
26 Jul 2025
274 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
1 Quote
CVE-2025-49113 – Roundcube Webmail RCE Exploit https://t.co/tR5pyJwGD6 https://t.co/dS17s6pl0m
@cyber_advising
21 Jul 2025
10312 Impressions
48 Retweets
186 Likes
101 Bookmarks
2 Replies
0 Quotes
RCE in Roundcube (CVE-2025-49113): 10 years in the code, public exploit since June 5, real attacks confirmed. Patch now! #Roundcube #FearsOff ➡️ https://t.co/Iwrf5tJ0rs https://t.co/579eDF6fW8
@leonov_av
21 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#𝒜𝔫𝑜𝔫𝒚𝔪𝑜𝖚𝙨 #FuckIsrael #FreePalestine #OpIsrael #FreeGaza #StopGenocideOfPalestinians Israel webmail servers is Ꮒ𝘢𝔠𝕜𝖊𝕕 Ƅ𝒚 𝕜𝕣𝑜𝕜𝖊𝕥𝖊𝘢𝙨𝒊𝔫𝕘, CVE-2025-49113 is a critical vulnerability affecting
@Lulz_BinBash
13 Jul 2025
154 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-49113 https://t.co/yqNuZLefAL
@Dwaynejohn000
12 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
9 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
28 Jun 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Just published a write-up on CVE-2025-49113 – a critical authenticated RCE in Roundcube Webmail. https://t.co/aMG5AiyezC #RedTeam #CVE2025_49113 #TryHackMe
@z41b1337
27 Jun 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ready to tackle another legendary CVE? 💥 Just added to Hackviser Labs: A hands-on lab for Roundcube ≤ 1.6.10 Post-Auth RCE (CVE-2025-49113) 🚀 Perfect for security professionals and enthusiasts looking to understand and practice with real-world vulnerabilities 💪 Che
@hackviserr
26 Jun 2025
146 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 https://t.co/ExTddikABq
@40sp3l
24 Jun 2025
26527 Impressions
111 Retweets
840 Likes
521 Bookmarks
6 Replies
0 Quotes
CVE-2025-49113-Scanner – Security Advisory 🔍 Description: Critical RCE vulnerability in certain web services. This tool checks and exploits the issue automatically. 🛠️ Exploitation Script: https://t.co/DWqjMEvHdg https://t.co/pWwd1aHwor
@issam_juniorx
23 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🦜🐻❄️🐱YouTube video walk through for TryHackMe Roundcube: CVE-2025-49113 🦊🐥CVE-2025-49113 is a Post-Authentication Remote Code Execution (RCE) vulnerability in Roundcube webmail (versions ≤ 1.6.10) caused by unsafe PHP object deserialization. Video link i
@DjalilAyed
23 Jun 2025
77 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
23 Jun 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Getting hands on with CVE-2025-49113. https://t.co/Xo5cRCzrcm #tryhackme via @realtryhackme
@p0rkchxp
22 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
22 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
21 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
21 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
19 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-49113
@transilienceai
19 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨CVE-2025-49113, #Roundcube webmail #RCE vulnerability! Remote code execution with just an email subject line⚠️ A backdoor may be installed through remote commands from a malicious email. 🔍56,000
@CriminalIP_JP
19 Jun 2025
22 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
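🚨CVE-2025-49113, #Roundcube webmail #RCE vulnerability! Remote code execution with just an email subject line⚠️ If a malicious email is received, a backdoor can be installed through the attacker's remote commands. 🔍Check the more than 56,000 externally exposed instances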
@CriminalIP_KR
19 Jun 2025
76 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Rolled out a general update across all maintained servers, our own and third-party, to provide #RoundCube 1.6.11 and fix the critical flaw CVE-2025-49113: https://t.co/1eqGonUsVh
@ASPLhosting
18 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TryHackMe | Roundcube: CVE-2025-49113 | WriteUp https://t.co/bkp3artOUm
@sn0optsz
18 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 15: Analyzed CVE-2025-49113 - CRITICAL RCE in Roundcube Webmail! CVSS: 9.9/10 | EPSS: 73.08% | 84K+ vulnerable installs Article link : https://t.co/kW9KNHYAjz #LSPPDay15 #60DaysOfLearning2025 #LearningWithLeapfrog @lftechnology
@itsdavidmandal
17 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube hit by critical zero-day as hackers sell exploit for CVE-2025-49113, enabling remote code execution in popular webmail platform. #CyberSecurity #ZeroDay #RoundcubeExploit https://t.co/6DG63LLywc
@CyberSecTV_eu
17 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube. Exploring CVE-2025-49113. https://t.co/p6rA3nKVZ2 #tryhackme via @realtryhackme
@stefan_pauly
17 Jun 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW RECENT THREAT: Roundcube: CVE-2025-49113 🔗 https://t.co/ZZLIh8F9H6 From webmail access to system access: Explore Roundcube's recent vulnerability in a lab environment. Learn how it works, how to exploit it, and how to mitigate it. 🔴 https://t.co/e4eM2Bfh6J
@RealTryHackMe
16 Jun 2025
4404 Impressions
9 Retweets
75 Likes
11 Bookmarks
0 Replies
0 Quotes
🐞 🪲 New room Roundcube: CVE-2025-49113 from TryHackMe 😸 Exploit CVE-2025-49113 in a lab environment. 🪝 This vulnerability allows remote code execution (RCE) by authenticated users Room link in first comment: 🦜🦜⤵️⤵️ https://t.co/m1cP2I6HEc
@DjalilAyed
16 Jun 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-33053 2 - CVE-2025-3052 3 - CVE-2025-49113 4 - CVE-2025-33073 5 - CVE-2025-25022 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
16 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🤬CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/wOdnSinywG FOFA Query: app="roundcube" Results: 51,584,735 Advisory:https://t.co/sWPSYiVk2z CVSS: 9.9 https://t.co/i45cBNBtyu
@TheMsterDoctor1
15 Jun 2025
4602 Impressions
28 Retweets
95 Likes
53 Bookmarks
3 Replies
0 Quotes
https://t.co/ejF6ZL2Q6A was NOT compromised via CVE-2025-49113 Roundcube RCE, according to them they are running older version of Roundcube, immune to the exploit. Nothing ever happens. Read more: https://t.co/iPYrP4EhFF https://t.co/erdLgPK5dc
@svobodacenter
15 Jun 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/GeGdXSS1pj… FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ELitlTM4bg… https://t.co/BJcfEYQL5C
@JackNike317913
15 Jun 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: https://t.co/n8KZhhhs11 FOFA Query: app="roundcube" Results: 51,584,735 Advisory: https://t.co/ctSkVwwXDk CVSS: 9.9 https://t.co/u51dKTv92k
@DarkWebInformer
13 Jun 2025
7956 Impressions
29 Retweets
129 Likes
65 Bookmarks
2 Replies
0 Quotes
🚨 CVE-2025-49113 #RCE Alert! A 10-year-old flaw in Roundcube Webmail is now weaponized. Attackers exploit PHP deserialization to run arbitrary code. Over 1.9M instances at risk! 📄 Read full advisory: https://t.co/M8L5gynxA5 #CyberSecurity https://t.co/NZihmnHBTL
@sequretek_sqtk
13 Jun 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
More than 84,000 Roundcube mail systems are vulnerable worldwide. Security researcher Kiril Firsov discovered the vulnerability tracked as CVE-2025-49113, which allows remote code execution (RCE) in the Roundcube webmail service's 1.1.0 and
@linuxmint_hun
13 Jun 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Roundcube Webmail RCE (CVE-2025-49113) 🚨 A 10-year-old flaw in Roundcube Webmail is actively exploited for Remote Code Execution (CVSS 9.9). Over 84,000 servers at risk. ✅ Patch ASAP to 1.6.11 / 1.5.10. 🚫 Stop potential full server compromise. #Roundcube
@ZBounty18591
13 Jun 2025
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠ Critical RCE in Roundcube Mail (CVE-2025-49113)! #Mageia 9’s latest update patches a Post-Auth Remote Code Execution flaw. If you self-host email: ✅ Update NOW ✅ Audit logs ✅ Check for IOCs Read more: 👇https://t.co/hG7xhBvdL4 #InfoSec #SysAdmin https://t.co/4D9
@Cezar_H_Linux
12 Jun 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability in Roundcube Webmail: A critical flaw (CVE-2025-49113, CVSS 9.9) in Roundcube Webmail allows authenticated users to take full control of servers. Patches were released on 1 June 2025, but many installations remain exposed. https://t.co/4XM9Dn
@AlfonsoBalcells
12 Jun 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes