NET:ROUNDCUBE
Roundcube
- Privately Held
news - Jun 12, 2025 - 12:30
Roundcube Webmail: More than 10,000 vulnerable instances in Germany
A critical security vulnerability in Roundcube Webmail has been exploited, affecting over 66,801 instances globally, including more than 10,500 in Germany. The flaw allows authenticated users to inject malicious code, prompting CISA to add it to its Known Exploited Vulnerabilities catalog. IT administrators are advised to update to versions 1.5.10 and 1.6.11 to mitigate risks.
heise.de
news - Jun 10, 2025 - 11:01
84,000+ Roundcube Webmail Installation Vulnerable to Remote Code Execution Attacks
A critical security vulnerability (CVE-2025-49113) in Roundcube webmail allows authenticated users to execute arbitrary code remotely, exposing over 84,000 systems globally. The Shadowserver Foundation reports widespread exposure across North America, Europe, and Asia, with patches available in Roundcube versions 1.6.11 and 1.5.10 to mitigate the risk of exploitation by state actors and malicious actors.
cybersecuritynews.com
news - Jun 06, 2025 - 10:16
Hackers Exploiting Roundcube Vulnerability to Steal User Credentials
A sophisticated spear phishing campaign targeting Polish organizations exploited the CVE-2024-42009 vulnerability in Roundcube webmail systems, enabling credential theft via a Service Worker-based attack. The threat group UNC1151, linked to Belarusian and Russian intelligence, used social engineering tactics to compromise users. A new Roundcube vulnerability (CVE-2025-49113) was also identified, though not yet exploited.
cybersecuritynews.com
news - Jun 03, 2025 - 19:15
10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code
A critical security vulnerability in Roundcube Webmail, tracked as CVE-2025-49113, allows authenticated attackers to execute arbitrary code on vulnerable systems, affecting over 53 million installations globally. The flaw, discovered by Kirill Firsov of Dubai-based cybersecurity firm FearsOff, exploits PHP object deserialization in Roundcube versions prior to 1.5.10 and 1.6.11. Previous vulnerabilities have been exploited by APT groups like APT28, and organizations are urged to apply patches immediately.
cybersecuritynews.com
news - Jun 03, 2025 - 14:20
Patch now: Exploit for critical Roundcube vulnerability is public
A critical security vulnerability (CVE-2025-49113) in Roundcube webmail software was disclosed, with an exploit example now available on GitHub. Admins are urged to update immediately to prevent unauthorized command execution via the 'from' parameter in URLs. The vulnerability affects over 53 million hosts and was discovered by FearsOff, who noted it has existed for ten years.
heise.de
Description
Roundcube is a browser-based multilingual IMAP client that provides email client functionality including MIME support, an address book, and message searching. It describes itself as open-source webmail software.