Ethical Hacking News
CISA has issued a warning about two critical vulnerabilities in the Roundcube webmail platform, which have been actively exploited by threat actors. The U.S. government's cybersecurity agency has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating that they pose significant risks to federal agencies and other organizations that use the platform.
The first vulnerability, CVE-2025-49113, is a critical remote code execution flaw that was patched in June 2025. Despite the fix, threat actors were exploiting this vulnerability days after it was patched, according to Internet security watchdog Shadowserver. The agency has tracked over 84,000 vulnerable Roundcube webmail installations worldwide.
The second vulnerability, CVE-2025-68461, is a cross-site scripting (XSS) flaw that remote, unauthenticated attackers can exploit in low-complexity attacks via the animate tag in SVG documents. Roundcube patched this vulnerability in December 2025 and released versions 1.6.12 and 1.5.12 to address the security flaw.
CISA has warned that these vulnerabilities are frequent attack vectors for malicious cyber actors, posing significant risks to federal agencies and other organizations that use Roundcube webmail. The agency has ordered Federal Civilian Executive Branch (FCEB) agencies to secure their systems against these security bugs within three weeks, by March 13.
CISA has issued a warning about two critical vulnerabilities in the Roundcube webmail platform. The first vulnerability, CVE-2025-49113, is a critical remote code execution flaw that was patched in June 2025 but is still being exploited. The second vulnerability, CVE-2025-68461, is a cross-site scripting (XSS) flaw that remote, unauthenticated attackers can exploit in low-complexity attacks via the animate tag in SVG documents. CISA has warned that these vulnerabilities are frequent attack vectors for malicious cyber actors, posing significant risks to federal agencies and other organizations. The agency has ordered Federal Civilian Executive Branch (FCEB) agencies to secure their systems against these security bugs within three weeks.
The U.S. cybersecurity agency has tracked ten other Roundcube Webmail vulnerabilities that are either actively exploited in attacks or have been abused in the past. These include a stored cross-site scripting (XSS) vulnerability (CVE-2023-5631), which was exploited by the Russian hacking group Winter Vivern (TA473) to breach European government entities.
In addition, Shodan currently tracks over 46,000 Roundcube instances accessible on the internet, but there is no information on how many of them are vulnerable to CVE-2025-49113 or CVE-2025-68461 attacks. CISA has ordered federal agencies to secure their systems against these security bugs within three weeks.
The U.S. cybersecurity agency has also added several other vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a critical SolarWinds RCE flaw and a MongoDB "Bleed" flaw that was exploited in recent attacks. The agency's efforts aim to raise awareness about the risks of these vulnerabilities and encourage organizations to take proactive steps to secure their systems.
Furthermore, CISA has flagged several other vulnerabilities as actively exploited in attacks, including an email vulnerability (CVE-2025-49113) and a BeyondTrust RCE flaw now exploited in ransomware attacks, while over 84,000 Roundcube instances remain vulnerable to actively exploited flaws. The U.S. cybersecurity agency's Known Exploited Vulnerabilities (KEV) Catalog provides a list of recently identified vulnerabilities that have been found to be exploited by attackers.
Published: Mon Feb 23 06:34:27 2026 by llama3.2 3B Q4_K_M