CVE-2025-68461
Published Dec 18, 2025
Last updated 3 months ago
AI description
CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube Webmail versions before 1.5.12 and 1.6 before 1.6.12. The vulnerability is caused by improper neutralization of input during web page generation, specifically through the `animate` tag in SVG documents. This vulnerability allows an attacker to inject malicious JavaScript code that executes in the victim's browser when viewing crafted SVG content within the webmail interface. The vulnerability can be exploited over a network without requiring any privileges or user interaction.
- Description: Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: webmail
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: RoundCube Webmail Cross-site Scripting Vulnerability
- Exploit added on: Feb 20, 2026
- Exploit action due: Mar 13, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-68461: Roundcube Webmail SVG <animate> XSS sanitizer bypass (CVSS 7.2 High). Affects <1.5.12 and <1.6.12. Trick: attributeName="xlink:href" slips past naive comparisons → stored XSS path. Fix: normalize/strip namespace prefix. https://t.co/mZRAM2cOMP #XSS
@OstorlabSec
18 Mar 2026
109 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added RoundCube Webmail vulnerabilities CVE-2025-49113 & CVE-2025-68461 to our Known Exploited Vulnerabilities Catalog.
@NexusForgeCyber
16 Mar 2026
14 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Cross-Site Scripting Vulnerability in RoundCube Webmail (CVE-2025-68461) RoundCube Webmail has a cross-site scripting (XSS) vulnerability via the animate tag in SVG documents, allowing the execution of malicious scripts
@CiberPlanetaOrg
16 Mar 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113 and CVE-2025-68461 Added to CISA KEV Catalog CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog; federal agencies must remediate by March 13, 2026. CVE: CVE-2025-49113, CVE… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Critical Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A … https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog CISA added two Roundcube Webmail vulnerabilities to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unkno… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds CVE-2025-68461 to KEV Catalog CISA adds CVE-2025-68461 to KEV Catalog; agencies must remediate by March 13. CVE: CVE-2025-68461 • APT: N/A • Status: ACTIVE Federal agencies must act by… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds RoundCube Webmail Vulnerabilities to KEV List CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail pose significant risks. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerabilities in Roundcube products ❗ CVE-2025-68461 ❗ CVE-2025-68460 ➡️ More info: https://t.co/H66TjS9D3Y https://t.co/aeSWzDBAoR
@CERTpy
25 Feb 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to KEV List CISA adds two RoundCube flaws to its Known Exploited Vulnerabilities list. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status: ACTIVE… https://t.co/YUrXNPqr4v
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Active Exploitation of RoundCube Webmail Flaws CISA alerts on active exploitation of CVE-2025-49113 and CVE-2025-68461 in RoundCube Web… https://t.co/tUOR2W8DOw
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent Alert: Active Exploitation of an XSS Vulnerability in Roundcube Webmail – CVE-2025-68461 https://t.co/Qe1AhweX9X
@NicolasCoolman
25 Feb 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue amid active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unk… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • Status: ACTIVE Indicates widespread … https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to KEV list due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT34 • Status: ACTIVE Aff… https://t.co/kYM2rfE8Mb
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Actively Exploited Roundcube Webmail Vulnerabilities to KEV Catalog CISA warns of active exploitation of CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail. CVE: CVE-2025-49113, CVE-2025-6… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Roundcube Webmail Flaws to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A • Status: ACTIVE Critical vulnerabili… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Webmail Vulnerabilities to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unknown • Status: ACTIVE Critical v… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on active exploits of patched Roundcube Webmail flaws CVE-2025-49113 & CVE-2025-68461 tied to Winter Vivern and APT28. New AI-assisted Arkanix Stealer targets browsers, wallets, and games. #WinterVivern #ArkanixStealer #USA https://t.co/MoviDe2Gfl
@TweetThreatNews
25 Feb 2026
163 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 Exploited in RoundCube CISA warns of active exploitation of two critical vulnerabilities in RoundCube Webmail. CVE… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail Actively Exploited CISA warns of active exploitation of critical vulnerabilities in RoundCube … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 / CVE-2025-68461 ⚠️ Roundcube Webmail – Actively Exploited RCE & XSS (CISA KEV) CISA has added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue following confirmation of active in-the-wild exploitation targeting Roundcube Webmail. CVE-2025-49
@modat_magnify
24 Feb 2026
115 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Actively Exploited Roundcube Vulnerabilities CISA issues warning on CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail, urging prom… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Updates KEV Catalog with RoundCube Webmail Vulnerabilities CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV catalog amid active exploitation. … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of RoundCube Webmail Exploits CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unspecified ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects webmail services, risking unauthorized access. 🔗 https://t.co
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of Active Exploitation of Roundcube Webmail Vulnerabilities CISA adds two Roundc… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate remediation to prevent expl
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ ACTIVELY EXPLOITED CVE CVE-2025-68461 Roundcube Webmail Active exploitation in Roundcube Webmail. RoundCube Webmail contains a... 🔧 https://t.co/GEoFZaUF01
@Dread91400105
24 Feb 2026
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔶 [CRITICAL] CISA Warns of Actively Exploited RoundCube Webmail Vulnerabilities CISA alerts on CVE-2… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Immediate patching required to prevent exploitatio
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Active Exploitation of Roundcube Vulnerabilities CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate patching to prevent unauthorize
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Roundcube Webmail Vulnerabilities CISA issues warning … 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Exploitation for Privilege Escalation ⚔️ Requires immediate patching to preven
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA adds CVE-2025-4… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ Active expl
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: Roundcube webmail flaws CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited Authenticated attackers can execute code #OpChildSafe: Patch Roundcube IMMEDIATELY Weak email =open door for ransomware & data theft Protect the vulnerable 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
184 Impressions
5 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and BeyondTrust CVE-2026-1731 exploited in ransomware attacks delivering SparkRAT and VShell. PayPal and FICOBA breaches affect millions. AI and quantum security make progress. #BeyondTrust #PayPal https://t.co/fND6z5Jb1x
@TweetThreatNews
23 Feb 2026
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects widespread webmail service. 🔗 https://t.co/bzdGek9pqI
@MysocAi
23 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Emphasizes urgency in patching webmail systems. 🔗
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reports active exploits targeting Roundcube Webmail flaws CVE-2025-49113 and CVE-2025-68461, with over 84,000 exposed instances. Federal agencies must patch by March 13 under BOD 22-01. #RoundcubeFlaws #U.S. #APT28 https://t.co/rLDdNV1cYq
@TweetThreatNews
23 Feb 2026
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube faces two exploited vulnerabilities (CVE-2025-49113 and CVE-2025-68461). Immediate parking and hardening of webmail access. Tens of thousands of exposed installations underscore the urgency... #cybersecurite #vulnerabilite https://t.co/g5qFMFQstN
@radarbytes_fr
23 Feb 2026
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube confronts two exploited vulnerabilities (CVE-2025-49113 and CVE-2025-68461). Immediate parking spaces and hardening of access to webmail. Tens of thousands of installations that the urgency... #cybersicherheit #schwachstellen #malware https://t.co/E3AfPaev7i
@radarbytes_de
23 Feb 2026
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2026: CISA adds Roundcube webmail flaws to KEV -CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited. Auth attackers can run code. #OpChildSafe: Update Roundcube NOW -weak email = gateway for ransomware/CSAM Hospitals & clinics: patch urgent! 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited Roundcube Flaws to KEV: Patch CVE-2025-49113 RCE + CVE-2025-68461 XSS Now CISA added two Roundcube webmail issues to the KEV catalog after active exploitation evidence: CVE-2025-49113 (critical post-auth PHP object deserialization leading to
@ThreatSynop
23 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert - Roundcube CISA added two actively exploited flaws to KEV: CVE-2025-49113 (CVSS 9.9, Auth RCE) CVE-2025-68461 (CVSS 7.2, XSS) Patch immediately and review exposure. #CyberSecurity #Roundcube #KEV #PatchNow https://t.co/g20CB2ZqpF
@CloneSystemsInc
23 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA: Roundcube Webmail Flaws Now Actively Exploited — Patch CVE-2025-49113 (RCE) and CVE-2025-68461 (XSS) by March 13 CISA added two Roundcube bugs to KEV after evidence of active exploitation: CVE-2025-49113 (critical RCE via deserialization) and CVE-2025-68461
@ThreatSynop
23 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
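🚨Emergency patch for Roundcube!🚨 CISA has added Roundcube vulnerabilities CVE-2025-49113 and CVE-2025-68461 to the KEV catalog. Risk of remote code execution by authenticated users and of XSS attacks⚠️ Prompt updating is recommended! Everyone's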
@motch_dev
22 Feb 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds Roundcube KEV vulnerabilities: CVE-2025-49113 deserial + CVE-2025-68461 XSS actively exploited. FCEB patch now! 👇 https://t.co/YrKKCduDVa #ZeroDaysAndCVEs #CISA #Cybersecurity
@CyberEdition
22 Feb 2026
59 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability CISA Adds Two Known Exploited Vulnerabilities to Catalog https://t.co/14khZkY6Gm
@autumn_good_35
21 Feb 2026
735 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CISA adds CVE-2025-49113 (RCE) and CVE-2025-68461 (XSS) in Roundcube webmail to Known Exploited Vulnerabilities catalog due to active exploitation. https://t.co/Q0WG3TtSfa #Cybersecurity #CISA #Roundcube #KEV #CVE202549113 #CVE202568461 #RCE #XSS #WebmailSecurity #ThreatIntel h
@redsecuretech
21 Feb 2026
60 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited Roundcube Webmail Flaws to KEV: Patch CVE-2025-49113 RCE and CVE-2025-68461 XSS CISA added two Roundcube vulnerabilities to the KEV catalog: CVE-2025-49113 (9.9) authenticated PHP object deserialization leading to RCE via an unvalidated `_from`
@ThreatSynop
21 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
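The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added RoundCube's CVE-2025-49113 and CVE-2025-68461 to the Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 3/13. Exploitation by ransomware is unknown. https://t.co/5mntWfraL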
@__kokumoto
21 Feb 2026
649 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA adds two known vulnerabilities to its catalog https://t.co/Ig62T60t9V CVE-2025-49113 RoundCube Webmail deserialization of untrusted data vulnerability CVE-2025-68461 RoundCube Webmail cross-site scripting
@cybersecnews_jp
21 Feb 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added RoundCube Webmail vulnerabilities CVE-2025-49113 & CVE-2025-68461 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/94NN54MXCA
@CISACyber
20 Feb 2026
3818 Impressions
9 Retweets
33 Likes
4 Bookmarks
4 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "72BDB5DF-B892-4EB7-B953-BCF6571CFE33",
            "versionEndExcluding": "1.5.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2E7809A5-BC6E-47F6-8175-261C417A1648",
            "versionEndExcluding": "1.6.12",
            "versionStartIncluding": "1.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]