- Description: Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: webmail
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- cve@mitre.org: CWE-116
⚠️ Vulnerabilities in Roundcube products ❗ CVE-2025-68461 ❗ CVE-2025-68460 ➡️ More info: https://t.co/H66TjS9D3Y https://t.co/aeSWzDBAoR
@CERTpy
25 Feb 2026
Just analyzed the critical Roundcube webmail vulnerability (CVE-2025-68460) detailed in #Debian DSA-6087-1. Read more: 👉 https://t.co/vXlKucxd8F #Security https://t.co/xjljtYztwu
@Cezar_H_Linux
29 Dec 2025
CVE-2025-68460/CVE-2025-68461: Roundcube XSS + I-D prior to 1.5.12/1.6.12 https://t.co/rPLkaAM3en
Roundcube, a PHP-based webmail frontend, fixed:
* Cross-Site-Scripting vulnerability via SVG’s animate tag
* Information Disclosure vulnerability in the HTML style sanitizer
@oss_security
28 Dec 2025
URGENT: #Fedora 42 admins must patch RoundcubeMail to v1.6.12 immediately! Fixes CVE-2025-68461 (SVG XSS) & CVE-2025-68460 (info disclosure). Read more: 👉 https://t.co/MZmy9Sqm0e #Security https://t.co/X0fBpQU8KE
@Cezar_H_Linux
25 Dec 2025
URGENT: #Fedora 43 Roundcube Webmail security patch is live. Patches CVE-2025-68461 (XSS via SVG) & CVE-2025-68460 (Info Disclosure). Remote exploitation risk is high. Read more: 👉 https://t.co/PeVFwg1I2K #Security https://t.co/BZSrZ7f9FP
@Cezar_H_Linux
25 Dec 2025
🔴 Roundcube Webmail XSS and Info Leak—CVE-2025-68460 and CVE-2025-68461 Debian patched Roundcube (skinnable AJAX webmail for IMAP servers) for XSS via animate tag in SVG documents plus information disclosure in HTML style sanitizer. What's notable: Roundcube is widely
@the_c_protocol
21 Dec 2025
🚨🚨CVE-2025-68460 & CVE-2025-68461: Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy ZoomEye Dork👉app="RoundCube Webmail" 642.9k+ exposed instances. ZoomEye Link: https://t.co/s6g9BCPzEE Refer: 1. https://t.co/ynzLaPxuZA 2. ht
@zoomeye_team
19 Dec 2025
CVE-2025-68460 Roundcube Webmail HTML Style Sanitizer Information Disclosure Vulnerability https://t.co/A27d7BlYah
@VulmonFeeds
18 Dec 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "72BDB5DF-B892-4EB7-B953-BCF6571CFE33",
            "versionEndExcluding": "1.5.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2E7809A5-BC6E-47F6-8175-261C417A1648",
            "versionEndExcluding": "1.6.12",
            "versionStartIncluding": "1.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]