CVE-2025-49113
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-49113. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 75.1% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Available Exploits
Roundcube Webmail - Remote Code Execution
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2025-49113
- https://fearsoff.org/research/roundcube
- https://github.com/advisories/GHSA-8j8w-wwqc-x596
- http://www.openwall.com/lists/oss-security/2025/06/02/3
- https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
- https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d
- https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695
- https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e
Related News
A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers. Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113, just days after the p…
Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. [...]
With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowser…
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: June 9, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
GHSA-8j8w-wwqc-x596Advisory Details
Affected Packages
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: June 2, 2025, Modified: June 13, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🔥 Top 10 Trending CVEs (03/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53772](https://nvd.nist.gov/vuln/detail/CVE-2025-53772)** - 📝 Web Deploy Remote Code Execution Vulnerability - 📅 **Published:** 12/08/2025 - 📈 **CVSS:** 8.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 6 - ⚠️ **Priority:** 2 - 📝 …
🔥 Top 10 Trending CVEs (24/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-4947](https://nvd.nist.gov/vuln/detail/CVE-2024-4947)** - 📝 Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security …
🔥 Top 10 Trending CVEs (23/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49113](https://nvd.nist.gov/vuln/detail/CVE-2025-49113)** - 📝 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading …
🔥 Top 10 Trending CVEs (26/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-6543](https://nvd.nist.gov/vuln/detail/CVE-2025-6543)** - 📝 Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway whenconfigured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP …
🔥 Top 10 Trending CVEs (25/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-50054](https://nvd.nist.gov/vuln/detail/CVE-2025-50054)** - 📝 Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to …
🔥 Top 10 Trending CVEs (18/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-33538](https://nvd.nist.gov/vuln/detail/CVE-2023-33538)** - 📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . - 📅 **Published:** 07/06/2023 - 📈 **CVSS:** …
🔥 Top 10 Trending CVEs (17/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-3464](https://nvd.nist.gov/vuln/detail/CVE-2025-3464)** - 📝 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the Security Update for Armoury …
🔥 Top 10 Trending CVEs (16/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-0133](https://nvd.nist.gov/vuln/detail/CVE-2025-0133)** - 📝 A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of …
🔥 Top 10 Trending CVEs (15/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-43468](https://nvd.nist.gov/vuln/detail/CVE-2024-43468)** - 📝 Microsoft Configuration Manager Remote Code Execution Vulnerability - 📅 **Published:** 08/10/2024 - 📈 **CVSS:** 9.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 11 - ⚠️ **Priority:** 2 --- …
🔥 Top 10 Trending CVEs (11/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-33053](https://nvd.nist.gov/vuln/detail/CVE-2025-33053)** - 📝 Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability - 📅 **Published:** 10/06/2025 - 📈 **CVSS:** 8.8 - 🛡️ **CISA KEV:** True - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C - …