AI description
CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube Webmail versions before 1.5.12 and 1.6 before 1.6.12. The vulnerability is caused by improper neutralization of input during web page generation, specifically through the `animate` tag in SVG documents. This vulnerability allows an attacker to inject malicious JavaScript code that executes in the victim's browser when viewing crafted SVG content within the webmail interface. The vulnerability can be exploited over a network without requiring any privileges or user interaction.
- Description: Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.2
- Impact score: 2.7
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity: HIGH
- cve@mitre.org: CWE-79
- Hype score: Not currently trending
CVE-2025-68460/CVE-2025-68461: Roundcube XSS + I-D prior to 1.5.12/1.6.12 https://t.co/rPLkaAM3en Roundcube, a PHP-based webmail frontend, fixed: * Cross-Site-Scripting vulnerability via SVG’s animate tag * Information Disclosure vulnerability in the HTML style sanitizer
@oss_security
28 Dec 2025
361 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
URGENT: #Fedora 42 admins must patch RoundcubeMail to v1.6.12 immediately! Fixes CVE-2025-68461 (SVG XSS) & CVE-2025-68460 (info disclosure). Read more: 👉 https://t.co/MZmy9Sqm0e #Security https://t.co/X0fBpQU8KE
@Cezar_H_Linux
25 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
URGENT: #Fedora 43 Roundcube Webmail security patch is live. Patches CVE-2025-68461 (XSS via SVG) & CVE-2025-68460 (Info Disclosure). Remote exploitation risk is high. Read more: 👉 https://t.co/PeVFwg1I2K #Security https://t.co/BZSrZ7f9FP
@Cezar_H_Linux
25 Dec 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-68461 + CVE-2025-49113 Exploit chain, From XSS to RCE via malicious SVG file In Roundcube Webmail. Turning post auth RCE into a 1 Click RCE: https://t.co/MD8luRLsK1 #BugBounty #RedTeam #PenetrationTesting #Infosec #CyberSecurity https://t.co/hWWSjydlbe
@ptestsec
23 Dec 2025
214 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-68461 Scanner! Github: https://t.co/CCJA83qeY4 #CyberSecurity #WebHacking #XSS #RoundCube #Pentesting #Hacking #hackers #programming #Coding #BugCrowd #HackerOne #MacOS #Linux https://t.co/s512ZOU4RL
@gotr00t0day
22 Dec 2025
101 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 Roundcube Webmail XSS and Info Leak—CVE-2025-68460 and CVE-2025-68461 Debian patched Roundcube (skinnable AJAX webmail for IMAP servers) for XSS via animate tag in SVG documents plus information disclosure in HTML style sanitizer. What's notable: Roundcube is widely
@the_c_protocol
21 Dec 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Warning! Dangerous vulnerability! ⚠️ Once again we are reporting on an XSS in the Roundcube Webmail software - this time CVE-2025-68461. 📜 We already wrote today that https://t.co/xOfdHF9oS7 has passed the threshold of 15 thousand users. Sooner than we expected there is
@CERT_Polska
19 Dec 2025
4392 Impressions
6 Retweets
24 Likes
4 Bookmarks
2 Replies
0 Quotes
🚨 CVE-2025-68461: XSS flaw in Roundcube Webmail (CVSS 7.2) via SVG animate tag. I've built a detection script here: https://t.co/bFOJ2CsyEX Patches are available - update to updated versions 1.6.12 and 1.5.12: https://t.co/CVLM5GL6fR https://t.co/lpLkRDVC7X
@rxerium
19 Dec 2025
13815 Impressions
42 Retweets
290 Likes
156 Bookmarks
2 Replies
0 Quotes
🚨🚨CVE-2025-68460 & CVE-2025-68461: Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy ZoomEye Dork👉app="RoundCube Webmail" 642.9k+ exposed instances. ZoomEye Link: https://t.co/s6g9BCPzEE Refer: 1. https://t.co/ynzLaPxuZA 2. ht
@zoomeye_team
19 Dec 2025
3412 Impressions
11 Retweets
55 Likes
23 Bookmarks
0 Replies
0 Quotes
CVE-2025-68461 Cross-Site-Scripting Vulnerability in Roundcube Webmail Before 1.5.12 and 1.6.12 https://t.co/kdTmR89glC
@VulmonFeeds
18 Dec 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes