Ethical Hacking News

The Unpatched Vulnerabilities Threatening Webmail Systems: A Comprehensive Analysis


Two severe vulnerabilities in RoundCube Webmail have been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA, emphasizing the importance of timely patching for webmail systems. These vulnerabilities pose significant risks to organizations and individuals utilizing RoundCube Webmail and must be addressed promptly to prevent potential attacks.

  • CISA has added two severe vulnerabilities in RoundCube Webmail to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the importance of timely patching for webmail systems.
  • CVE-2025-49113 is a deserialization of untrusted data vulnerability with a CVSS score of 9.9, allowing attackers to execute arbitrary code and compromise sensitive data.
  • CVE-2025-68461 is a cross-site scripting (XSS) vulnerability with a CVSS score of 7.2, allowing attackers to inject malicious code into the webmail interface.
  • Organizations are urged to patch both vulnerabilities by March 10, 2026, and prioritize regular patching and monitoring to mitigate the risk of attack from sophisticated adversaries.



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two severe vulnerabilities in RoundCube Webmail to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the importance of timely patching for webmail systems. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, pose significant risks to organizations and individuals utilizing RoundCube Webmail, as they can be exploited by attackers to gain unauthorized access to sensitive data.

CVE-2025-49113 is a deserialization of untrusted data vulnerability that allows an attacker to take control of affected systems and run malicious code. The flaw was discovered by Kirill Firsov, the founder and CEO of FearsOff, who estimated that it impacted over 53 million hosts, including deployments bundled with hosting control panels such as cPanel, Plesk, ISPConfig and DirectAdmin. The vulnerability has been addressed in RoundCube versions 1.6.11 and 1.5.10 LTS.

The severity of CVE-2025-49113 was assessed as high, with a CVSS score of 9.9. An attacker who exploits this vulnerability can execute arbitrary code on the affected system, compromising sensitive data and systems. That the flaw went unnoticed for over a decade highlights the importance of continuous monitoring and patching for critical software.

The second vulnerability, CVE-2025-68461, is a cross-site scripting (XSS) vulnerability that allows an attacker to inject malicious code into the webmail interface. This flaw was identified in RoundCube versions 1.5.12 and 1.6 before 1.6.12. Its severity was assessed as moderate, with a CVSS score of 7.2.
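As an added example (not code from the article or from the Roundcube project), the following Python helper triages an inventory of installed Roundcube version strings against the fixed releases named above, so a defender can see which hosts still lack which fix. The article's wording for the 1.5 branch of CVE-2025-68461 is ambiguous, so treating 1.5.12 as that branch's fixed release is an assumption, as is the rule applied to branches the table does not list.

```python
import re

# Fixed releases per Roundcube branch, as stated in the article:
# CVE-2025-49113 fixed in 1.6.11 and 1.5.10 LTS; CVE-2025-68461 fixed
# in 1.6.12. ASSUMPTION: 1.5.12 is the 1.5-branch fix for CVE-2025-68461.
FIXED_IN = {
    "CVE-2025-49113": {(1, 5): (1, 5, 10), (1, 6): (1, 6, 11)},
    "CVE-2025-68461": {(1, 5): (1, 5, 12), (1, 6): (1, 6, 12)},
}


def parse_version(text):
    """Turn a version string such as '1.6.10' into a comparable tuple of
    three ints. Missing components count as 0; any trailing text after
    the numeric part is ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def unpatched_cves(version_text):
    """Return the CVEs from the article that the installed version still
    lacks a fix for, sorted by identifier (empty list means patched)."""
    v = parse_version(version_text)
    branch = v[:2]
    missing = []
    for cve, fixes in FIXED_IN.items():
        if branch in fixes:
            affected = v < fixes[branch]
        else:
            # ASSUMPTION for branches not in the table: a branch newer than
            # every fixed branch already carries the fix; an older,
            # unsupported branch never received it.
            affected = branch < min(fixes)
        if affected:
            missing.append(cve)
    return sorted(missing)


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported Roundcube version.
    inventory = {"mail-a": "1.6.10", "mail-b": "1.6.11",
                 "mail-c": "1.5.12", "mail-d": "1.4.15"}
    for host, ver in inventory.items():
        gaps = unpatched_cves(ver)
        print(f"{host} ({ver}): {'patched' if not gaps else ', '.join(gaps)}")
```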

Both vulnerabilities highlight the importance of keeping software up-to-date and addressing known exploits promptly. Organizations that fail to patch these vulnerabilities put themselves at risk of being targeted by sophisticated attackers who can exploit these weaknesses to gain unauthorized access to sensitive data.

CISA has ordered federal agencies to fix both vulnerabilities by March 10, 2026, emphasizing the urgency of addressing these critical security flaws. Private organizations are also urged to review the KEV catalog and address the vulnerabilities in their infrastructure to prevent potential attacks.

The recent addition of these vulnerabilities to the KEV catalog underscores the importance of staying vigilant and proactive in addressing known exploits. Organizations must prioritize regular patching and monitoring to mitigate the risk of attack from sophisticated adversaries.



Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Unpatched-Vulnerabilities-Threatening-Webmail-Systems-A-Comprehensive-Analysis-ehn.shtml
  • https://securityaffairs.com/188324/security/u-s-cisa-adds-roundcube-webmail-flaws-to-its-known-exploited-vulnerabilities-catalog.html
  • https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html
  • https://nvd.nist.gov/vuln/detail/CVE-2025-49113
  • https://www.cvedetails.com/cve/CVE-2025-49113/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-68461
  • https://www.cvedetails.com/cve/CVE-2025-68461/


  • Published: Sat Feb 21 06:14:43 2026 by llama3.2 3B Q4_K_M