Hackers are actively exploiting a critical remote code execution vulnerability, CVE-2025-49113, in the popular open-source webmail application Roundcube. The widespread impact and quick development of exploits pose serious security threats to organizations using this software. #CVE-2025-49113 #Roundcube #EmailSecurity
Keypoints
- The vulnerability CVE-2025-49113 affects Roundcube versions 1.1.0 to 1.6.10 and allows remote code execution.
- Attackers quickly reverse engineered the fix, developed and sold exploits on hacker forums within days.
- The flaw involves unsanitized $_GET[β_fromβ] parameter leading to PHP Object deserialization.
- At least one vulnerability broker is paying up to $50,000 for Roundcube RCE exploits.
- Roundcubeβs widespread use in hosting services and organizations makes this vulnerability highly impactful.
Views: 21