Ethical Hacking News
CISA has added two Roundcube webmail vulnerabilities to its Known Exploited Vulnerabilities catalog, which obliges federal civilian executive branch agencies to remediate them by March 13, 2026. The listing is a signal to every organisation running Roundcube: both flaws have confirmed in-the-wild exploitation, and upgrading to a fixed release is the only complete remediation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws in Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Federal civilian executive branch agencies are required to remediate both by March 13, 2026; other organisations are not bound by that deadline but should treat it as a reasonable upper bound for their own patching.
The first vulnerability, CVE-2025-49113, is a deserialization of untrusted data flaw that allows remote code execution by an authenticated user. It was discovered and reported by Dubai-based cybersecurity company FearsOff, whose founder and CEO Kirill Firsov is credited with the find, and was fixed in Roundcube 1.6.11 and 1.5.10. According to Firsov, attackers had "diffed and weaponized" the fix within 48 hours of public disclosure, the bug can be triggered reliably on default installations, and it had been present in the codebase for more than 10 years. Because the trigger is post-authentication, any mailbox whose password has been phished or stuffed is a viable entry point.
The second vulnerability, CVE-2025-68461, is a cross-site scripting flaw reachable through the animate tag in an SVG document, meaning a crafted HTML mail can carry the payload and no click on an attachment is needed. FearsOff also discovered and reported this issue; the extent to which it has been exploited is not stated. Roundcube flaws of this kind have a track record: earlier XSS bugs in the software were weaponized by nation-state actors including APT28 and Winter Vivern.
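Mail gateways and SOC teams that cannot patch immediately usually want a way to spot the vector in inbound mail. The following is an added example, not Roundcube code and not FearsOff's proof of concept: it walks HTML mail bodies and flags SVG animation elements, rating as high those that retarget an href to a script URL (the well-known generic animate/href XSS pattern). The page does not state which exact form was used against Roundcube, so the severity is a triage hint, not a signature. The sample mail bodies are constructed.

```python
"""Flag SVG animation elements in inbound HTML mail parts (added example)."""
from html.parser import HTMLParser

# SVG elements that can rewrite another element's attributes over time.
ANIMATION_TAGS = {"animate", "set", "animatemotion", "animatetransform"}
# Attributes that, once animated to a javascript: URL, give script execution.
RISKY_TARGET_ATTRS = {"href", "xlink:href"}
# Attributes an animation element uses to supply the new value(s).
VALUE_ATTRS = ("values", "to", "from", "by")


class SvgAnimateFinder(HTMLParser):
    """Collect animation elements that sit inside an <svg> subtree.

    html.parser lowercases tag and attribute names and decodes character
    references in attribute values, so '&#x6a;avascript:' arrives as
    'javascript:' and a case-insensitive compare is enough.
    """

    def __init__(self):
        super().__init__()
        self.svg_depth = 0
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "svg":
            self.svg_depth += 1
            return
        if self.svg_depth == 0 or tag not in ANIMATION_TAGS:
            return  # animation elements outside <svg> are inert HTML
        a = {name: (value or "") for name, value in attrs}
        target = a.get("attributename", "").lower()
        supplied = " ".join(a.get(k, "") for k in VALUE_ATTRS)
        # Drop whitespace and control characters so 'java\tscript:' is still caught.
        flat = "".join(ch for ch in supplied.lower()
                       if not ch.isspace() and ch.isprintable())
        script_url = "javascript:" in flat or "data:" in flat
        severity = "high" if (target in RISKY_TARGET_ATTRS and script_url) else "medium"
        self.findings.append({
            "tag": tag,
            "attributeName": target,
            "severity": severity,
            "line": self.getpos()[0],
        })

    def handle_endtag(self, tag):
        if tag == "svg" and self.svg_depth:
            self.svg_depth -= 1


def scan_html(html):
    """Return a list of findings; an empty list means no SVG animation was seen."""
    finder = SvgAnimateFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample mail bodies (not captured messages).
BENIGN = ('<p>Quarterly report attached.</p>'
          '<svg width="10" height="10"><circle r="4"/></svg>')
ANIMATED = ('<svg><rect width="10" height="10">'
            '<animate attributeName="x" from="0" to="50" dur="1s"/></rect></svg>')
HOSTILE = ('<svg><a><animate attributeName="href" values="javascript:alert(1)"/>'
           '<text x="20" y="20">Open invoice</text></a></svg>')

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("animated", ANIMATED), ("hostile", HOSTILE)):
        print(name, scan_html(body))
```

The medium rating on any animation element is deliberate: a sanitizer such as Roundcube's is expected to strip these elements entirely, so their presence in mail that reached a user is itself worth a look.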
A KEV listing means CISA has evidence of real exploitation, not just a theoretical risk, so the two bugs belong at the top of the patch queue for anyone exposing Roundcube to the internet.
FearsOff has urged organisations to patch both issues promptly, particularly since an exploit for CVE-2025-49113 was offered for sale on June 4, 2025, three days after the fix was published. A working exploit in criminal hands, combined with the authenticated trigger, means a single phished webmail credential is enough to reach code execution on the mail server.
The remediation FearsOff recommends is to upgrade both vulnerabilities away by moving to a Roundcube release that contains the fixes. A Web Application Firewall can be used to monitor and block suspicious requests as a stopgap, but it is not a substitute: CVE-2025-49113 is exercised through a legitimate, authenticated settings request, so a WAF rule has little to distinguish it from normal use, and a stored XSS payload arrives over SMTP rather than through the web front end. Administrators should confirm the installed version, upgrade, and then review mail-server logs and the upload-related settings actions from before the patch for signs of prior abuse.
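To turn the advice above into a repeatable check, here is an added example (not CISA's or Roundcube's code) that reads the installed version from Roundcube's own version define, compares it against the fixed releases, and joins the result with the KEV catalog's due dates. The fixed-version thresholds are taken from the vendor advisories as I understand them (1.5.10 and 1.6.11 for CVE-2025-49113, 1.5.11 and 1.6.12 for CVE-2025-68461) and should be confirmed against the NVD entries linked below before the output is relied on. The KEV document embedded here is a constructed sample in the real feed's field layout; the live catalog is published as JSON at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json.

```python
"""Triage a Roundcube install against the two KEV entries (added example)."""
import json
import re

# Fixed versions per branch. ASSUMED from the vendor advisories; verify against NVD.
FIXED_IN = {
    "CVE-2025-49113": {(1, 5): (1, 5, 10), (1, 6): (1, 6, 11)},
    "CVE-2025-68461": {(1, 5): (1, 5, 11), (1, 6): (1, 6, 12)},
}

# Constructed sample in the KEV feed's JSON shape. The Roundcube due date is the
# one reported in the article; dateAdded is assumed. The Log4Shell row is a real,
# unrelated catalog entry included so the vendor filter has something to exclude.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-49113", "vendorProject": "Roundcube", "product": "Webmail",
         "dateAdded": "2026-02-20", "dueDate": "2026-03-13",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-68461", "vendorProject": "Roundcube", "product": "Webmail",
         "dateAdded": "2026-02-20", "dueDate": "2026-03-13",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """'1.6.11' -> (1, 6, 11). Pre-release strings such as '1.7-beta' are rejected
    rather than guessed at, because their patch state is not knowable from the number."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Roundcube version: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_from_iniset(php_source):
    """Pull RCMAIL_VERSION out of program/include/iniset.php, where Roundcube defines it."""
    m = re.search(r"define\(\s*'RCMAIL_VERSION'\s*,\s*'([^']+)'\s*\)", php_source)
    if not m:
        raise ValueError("RCMAIL_VERSION not found")
    return m.group(1)


def affected_by(version_text):
    """Return the sorted list of the two CVEs the given version is still exposed to."""
    v = parse_version(version_text)
    branch = v[:2]
    hits = []
    for cve, fixes in FIXED_IN.items():
        if branch in fixes:
            vulnerable = v < fixes[branch]
        elif branch < min(fixes):
            vulnerable = True   # older branches are end-of-life and never got the fix
        else:
            vulnerable = False  # newer branch than any listed fix; assumed to carry it
        if vulnerable:
            hits.append(cve)
    return sorted(hits)


def kev_entries(catalog_json, vendor="roundcube"):
    """Filter the KEV catalog down to one vendor (case-insensitive substring match)."""
    catalog = json.loads(catalog_json)
    return [e for e in catalog["vulnerabilities"] if vendor in e["vendorProject"].lower()]


def triage(version_text, catalog_json):
    """One row per KEV entry for the vendor: CVE, federal due date, and whether it applies."""
    hits = set(affected_by(version_text))
    return [{"cveID": e["cveID"], "dueDate": e["dueDate"], "affected": e["cveID"] in hits}
            for e in kev_entries(catalog_json)]


if __name__ == "__main__":
    # Constructed excerpt of iniset.php; on a real host read the file itself.
    sample_iniset = "<?php\ndefine('RCMAIL_VERSION', '1.6.10');\n"
    installed = version_from_iniset(sample_iniset)
    for row in triage(installed, KEV_SAMPLE):
        print(installed, row)
```

Running it against a 1.6.10 install reports both CVEs as affected with the March 13, 2026 due date; 1.6.11 clears only CVE-2025-49113, which is exactly why a host patched in June 2025 still needs the later release.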
The episode is a compact illustration of the current patch window: a fix was reverse-engineered into a working exploit within two days and was on sale within three. Organisations that track KEV additions, confirm their installed versions, and upgrade Roundcube on the same cadence as their internet-facing systems remove almost all of the exposure these two flaws create.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Security-Threats-Loom-as-Two-Vulnerabilities-in-Roundcube-Webmail-Software-Are-Identified-by-CISA-ehn.shtml
https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html
https://www.cisa.gov/news-events/alerts/2025/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2025-49113
https://www.cvedetails.com/cve/CVE-2025-49113/
https://nvd.nist.gov/vuln/detail/CVE-2025-68461
https://www.cvedetails.com/cve/CVE-2025-68461/
Published: Sat Feb 21 02:28:54 2026 by llama3.2 3B Q4_K_M