roundcube News Articles
Recent news articles refferecing the vendors vulnerabilities.
Security AffairsCVE-2025-49113Over 80,000 servers hit as roundcube RCE bug gets rapidly exploited
A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers.
1 week ago
Round Cube Vulnerability
Patching Guidance Due to a vulnerability in Roundcube, both Plesk and cPanel require an update, which should be automatically picked up. However, users are recommended to force the update through. If you need...
1 week ago
PoC Code Escalates Roundcube Vuln Threat
The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.
2 weeks ago
PoC Code Escalates Roundcube Vuln Threat
The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.
2 weeks ago
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.
2 weeks ago
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit.
2 weeks ago
Help Net SecurityCVE-2025-49113Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) - Help Net Security
With an exploit being offered for sale and a PoC exploit having been made public, attacks exploiting CVE-2025-49113 in Roundcube are incoming.
2 weeks ago
Cyware Daily Threat Intelligence, June 06, 2025
A silent takeover is unfolding through cheap, everyday smart devices. The FBI has reported over a million infections tied to BADBOX 2.0, a malware campaign targeting uncertified Android-based smart TVs, tablets, and IoT devices. Preinstalled malware and rogue updates turn these devices into resident...
2 weeks ago
CybersecurityNewsCVE-2024-42009Hackers Exploiting Roundcube Vulnerability to Steal User Credentials
A spear phishing campaign targeting Polish organizations, where threat actors successfully exploited the CVE-2024-42009 vulnerability in Roundcube webmail systems.
2 weeks ago
GBHackers NewsCVE-2024-42009Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack
CERT Polska reports that the attackers leveraged a critical vulnerability in the Roundcube webmail platform—CVE-2024-42009—to steal user credentials with minimal user interaction.
2 weeks ago
Hacker selling critical Roundcube webmail exploit as tech info disclosed
Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution.
2 weeks ago
CERTCVE-2024-42009UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign
CERT Polska has observed a spear phishing campaign targeting Polish entities this week. The threat actor attempted to exploit the CVE-2024-42009 vulnerability, which allows JavaScript code to be executed when...
2 weeks ago
Security AffairsCVE-2025-49113Roundcube Webmail under fire: critical exploit found after a decade
A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code.
2 weeks ago
The Hacker NewsCVE-2025-49113Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Critical Roundcube bug CVE-2025-49113 affects versions before 1.6.11, enabling code execution via URL flaw.
3 weeks ago
GBHackers NewsCVE-2024-57004Roundcube XSS Flaw Allows Attackers to Inject Malicious Files
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in the popular open-source webmail client, Roundcube, potentially exposing users to serious security risks.
Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data
Researchers warn of flaws in the Roundcube webmail software that could be exploited to steal sensitive information from target accounts.
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) - Help Net Security
Roundcube XSS vulnerabilities (CVE-2024-42009, CVE-2024-42008) could be exploited to steal users' emails and contacts, and send emails.
MalwarebytesCVE-2023-43770Patch now! Roundcube mail servers are being actively exploited | Malwarebytes
A vulnerability in Roundcube webmail is being actively exploited and CISA is urging users to install an updated version.
Help Net SecurityCVE-2023-43770Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770) - Help Net Security
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers.
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
CISA has identified a medium-severity security flaw affecting Roundcube email software, categorized as CVE-2023-43770.
CISA: Roundcube email server bug now exploited in attacks
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.