CVE-2025-68461
Published Dec 18, 2025
Last updated a month ago
- Description: Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: webmail
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: RoundCube Webmail Cross-site Scripting Vulnerability
- Exploit added on: Feb 20, 2026
- Exploit action due: Mar 13, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
CVE-2025-68461: Roundcube Webmail SVG <animate> XSS sanitizer bypass (CVSS 7.2 High). Affects <1.5.12 and <1.6.12. Trick: attributeName="xlink:href" slips past naive comparisons → stored XSS path. Fix: normalize/strip namespace prefix. https://t.co/mZRAM2cOMP #XSS
@OstorlabSec
18 Mar 2026
109 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added RoundCube Webmail vulnerabilities CVE-2025-49113 & CVE-2025-68461 to our Known Exploited Vulnerabilities Catalog.
@NexusForgeCyber
16 Mar 2026
14 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Cross-Site Scripting Vulnerability in RoundCube Webmail (CVE-2025-68461) RoundCube Webmail has a cross-site scripting (XSS) vulnerability via the animate tag in SVG documents, allowing the execution of malicious scripts
@CiberPlanetaOrg
16 Mar 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CVE-2025-49113 and CVE-2025-68461 Added to CISA KEV Catalog CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog; federal agencies must remediate by March 13, 2026. CVE: CVE-2025-49113, CVE… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Critical Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A … https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds CVE-2025-49113 and CVE-2025-68461 to KEV Catalog CISA added two Roundcube Webmail vulnerabilities to KEV Catalog due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unkno… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds CVE-2025-68461 to KEV Catalog CISA adds CVE-2025-68461 to KEV Catalog; agencies must remediate by March 13. CVE: CVE-2025-68461 • APT: N/A • Status: ACTIVE Federal agencies must act by… https://t.co/y4REX3zTlu
@MysocAi
26 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds RoundCube Webmail Vulnerabilities to KEV List CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail pose significant risks. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status… https://t.co/YUrXNPqYU3
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerabilities in Roundcube products ❗ CVE-2025-68461 ❗ CVE-2025-68460 ➡️ More info: https://t.co/H66TjS9D3Y https://t.co/aeSWzDBAoR
@CERTpy
25 Feb 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] RoundCube Webmail Vulnerabilities Added to KEV List CISA adds two RoundCube flaws to its Known Exploited Vulnerabilities list. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT28 • Status: ACTIVE… https://t.co/YUrXNPqr4v
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Active Exploitation of RoundCube Webmail Flaws CISA alerts on active exploitation of CVE-2025-49113 and CVE-2025-68461 in RoundCube Web… https://t.co/tUOR2W8DOw
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent Alert: Active Exploitation of an XSS Vulnerability in Roundcube Webmail – CVE-2025-68461 https://t.co/Qe1AhweX9X
@NicolasCoolman
25 Feb 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue amid active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unk… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-49113 and CVE-2025-68461 to KEV due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • Status: ACTIVE Indicates widespread … https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-49113 and CVE-2025-68461 to KEV list due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: APT34 • Status: ACTIVE Aff… https://t.co/kYM2rfE8Mb
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Actively Exploited Roundcube Webmail Vulnerabilities to KEV Catalog CISA warns of active exploitation of CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail. CVE: CVE-2025-49113, CVE-2025-6… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CRITICAL] CISA Adds Roundcube Webmail Flaws to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: N/A • Status: ACTIVE Critical vulnerabili… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Adds Roundcube Webmail Vulnerabilities to KEV Catalog CVE-2025-49113 and CVE-2025-68461 added due to active exploitation. CVE: CVE-2025-49113, CVE-2025-68461 • APT: Unknown • Status: ACTIVE Critical v… https://t.co/KbRLi8GoQo
@MysocAi
25 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on active exploits of patched Roundcube Webmail flaws CVE-2025-49113 & CVE-2025-68461 tied to Winter Vivern and APT28. New AI-assisted Arkanix Stealer targets browsers, wallets, and games. #WinterVivern #ArkanixStealer #USA https://t.co/MoviDe2Gfl
@TweetThreatNews
25 Feb 2026
163 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 Exploited in RoundCube CISA warns of active exploitation of two critical vulnerabilities in RoundCube Webmail. CVE… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CVE-2025-49113 and CVE-2025-68461 in RoundCube Webmail Actively Exploited CISA warns of active exploitation of critical vulnerabilities in RoundCube … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49113 / CVE-2025-68461 ⚠️ Roundcube Webmail – Actively Exploited RCE & XSS (CISA KEV) CISA has added CVE-2025-49113 and CVE-2025-68461 to its KEV catalogue following confirmation of active in-the-wild exploitation targeting Roundcube Webmail. CVE-2025-49
@modat_magnify
24 Feb 2026
115 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Warns of Actively Exploited Roundcube Vulnerabilities CISA issues warning on CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail, urging prom… https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HIGH] CISA Updates KEV Catalog with RoundCube Webmail Vulnerabilities CISA adds CVE-2025-49113 and CVE-2025-68461 to KEV catalog amid active exploitation. … https://t.co/tUOR2W8DOw
@MysocAi
24 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of RoundCube Webmail Exploits CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unspecified ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects webmail services, risking unauthorized access. 🔗 https://t.co
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Warns of Active Exploitation of Roundcube Webmail Vulnerabilities CISA adds two Roundc… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate remediation to prevent expl
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ ACTIVELY EXPLOITED CVE CVE-2025-68461 Roundcube Webmail Active exploitation in Roundcube Webmail. RoundCube Webmail contains a... 🔧 https://t.co/GEoFZaUF01
@Dread91400105
24 Feb 2026
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔶 [CRITICAL] CISA Warns of Actively Exploited RoundCube Webmail Vulnerabilities CISA alerts on CVE-2… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Immediate patching required to prevent exploitatio
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Active Exploitation of Roundcube Vulnerabilities CISA alerts on activ… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Requires immediate patching to prevent unauthorize
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Warns of Roundcube Webmail Vulnerabilities CISA issues warning … 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Exploitation for Privilege Escalation ⚔️ Requires immediate patching to preven
@MysocAi
24 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Flags Actively Exploited Roundcube Webmail Vulnerabilities CISA adds CVE-2025-4… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ Active expl
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: Roundcube webmail flaws CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited Authenticated attackers can execute code #OpChildSafe: Patch Roundcube IMMEDIATELY Weak email =open door for ransomware & data theft Protect the vulnerable 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
184 Impressions
5 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and BeyondTrust CVE-2026-1731 exploited in ransomware attacks delivering SparkRAT and VShell. PayPal and FICOBA breaches affect millions. AI and quantum security make progress. #BeyondTrust #PayPal https://t.co/fND6z5Jb1x
@TweetThreatNews
23 Feb 2026
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CISA Adds Roundcube Vulnerabilities to KEV Catalog CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Affects widespread webmail service. 🔗 https://t.co/bzdGek9pqI
@MysocAi
23 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [CRITICAL] CISA Flags Actively Exploited Roundcube Vulnerabilities CISA added CVE-2025-… 🔴 CVE: CVE-2025-49113, CVE-2025-68461 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Execution ⚔️ Emphasizes urgency in patching webmail systems. 🔗
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reports active exploits targeting Roundcube Webmail flaws CVE-2025-49113 and CVE-2025-68461, with over 84,000 exposed instances. Federal agencies must patch by March 13 under BOD 22-01. #RoundcubeFlaws #U.S. #APT28 https://t.co/rLDdNV1cYq
@TweetThreatNews
23 Feb 2026
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube faces two exploited vulnerabilities (CVE-2025-49113 and CVE-2025-68461). Immediate parking and hardening of webmail access. Tens of thousands of exposed installations underline the urgency... #cybersecurite #vulnerabilite https://t.co/g5qFMFQstN
@radarbytes_fr
23 Feb 2026
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Roundcube confronts two exploited vulnerabilities (CVE-2025-49113 and CVE-2025-68461). Immediate parking spaces and hardening of access to webmail. Tens of thousands of installations, which the urgency... #cybersicherheit #schwachstellen #malware https://t.co/E3AfPaev7i
@radarbytes_de
23 Feb 2026
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2026: CISA adds Roundcube webmail flaws to KEV -CVE-2025-49113 (9.9 RCE) & CVE-2025-68461 (XSS) actively exploited. Auth attackers can run code. #OpChildSafe: Update Roundcube NOW -weak email = gateway for ransomware/CSAM Hospitals & clinics: patch urgent! 🕊️🔥 #Ze
@Saints16294225
23 Feb 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited Roundcube Flaws to KEV: Patch CVE-2025-49113 RCE + CVE-2025-68461 XSS Now CISA added two Roundcube webmail issues to the KEV catalog after active exploitation evidence: CVE-2025-49113 (critical post-auth PHP object deserialization leading to
@ThreatSynop
23 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert - Roundcube CISA added two actively exploited flaws to KEV: CVE-2025-49113 (CVSS 9.9, Auth RCE) CVE-2025-68461 (CVSS 7.2, XSS) Patch immediately and review exposure. #CyberSecurity #Roundcube #KEV #PatchNow https://t.co/g20CB2ZqpF
@CloneSystemsInc
23 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA: Roundcube Webmail Flaws Now Actively Exploited — Patch CVE-2025-49113 (RCE) and CVE-2025-68461 (XSS) by March 13 CISA added two Roundcube bugs to KEV after evidence of active exploitation: CVE-2025-49113 (critical RCE via deserialization) and CVE-2025-68461
@ThreatSynop
23 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
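🚨 Emergency patch for Roundcube! 🚨 CISA has added the Roundcube vulnerabilities CVE-2025-49113 and CVE-2025-68461 to the KEV catalog. Risk of remote code execution by authenticated users and of XSS attacks ⚠️ Prompt updating is recommended! Everyone's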
@motch_dev
22 Feb 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds Roundcube KEV vulnerabilities: CVE-2025-49113 deserial + CVE-2025-68461 XSS actively exploited. FCEB patch now! 👇 https://t.co/YrKKCduDVa #ZeroDaysAndCVEs #CISA #Cybersecurity
@CyberEdition
22 Feb 2026
59 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability CISA Adds Two Known Exploited Vulnerabilities to Catalog https://t.co/14khZkY6Gm
@autumn_good_35
21 Feb 2026
735 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CISA adds CVE-2025-49113 (RCE) and CVE-2025-68461 (XSS) in Roundcube webmail to Known Exploited Vulnerabilities catalog due to active exploitation. https://t.co/Q0WG3TtSfa #Cybersecurity #CISA #Roundcube #KEV #CVE202549113 #CVE202568461 #RCE #XSS #WebmailSecurity #ThreatIntel h
@redsecuretech
21 Feb 2026
60 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited Roundcube Webmail Flaws to KEV: Patch CVE-2025-49113 RCE and CVE-2025-68461 XSS CISA added two Roundcube vulnerabilities to the KEV catalog: CVE-2025-49113 (9.9) authenticated PHP object deserialization leading to RCE via an unvalidated `_from`
@ThreatSynop
21 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
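The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added RoundCube's CVE-2025-49113 and CVE-2025-68461 to the Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 3/13. Exploitation by ransomware is unknown. https://t.co/5mntWfraL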
@__kokumoto
21 Feb 2026
649 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA adds two known vulnerabilities to catalog https://t.co/Ig62T60t9V CVE-2025-49113 Vulnerability in deserialization of untrusted data in RoundCube Webmail CVE-2025-68461 RoundCube Webmail cross-site scripti
@cybersecnews_jp
21 Feb 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added RoundCube Webmail vulnerabilities CVE-2025-49113 & CVE-2025-68461 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/94NN54MXCA
@CISACyber
20 Feb 2026
3818 Impressions
9 Retweets
33 Likes
4 Bookmarks
4 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "72BDB5DF-B892-4EB7-B953-BCF6571CFE33",
            "versionEndExcluding": "1.5.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2E7809A5-BC6E-47F6-8175-261C417A1648",
            "versionEndExcluding": "1.6.12",
            "versionStartIncluding": "1.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]