Remote Code Execution Vulnerability in Roundcube Webmail by Roundcube
CVE-2025-49113

9.9CRITICAL

Key Information:

Vendor

Roundcube

Status
Webmail
Vendor
CVE Published:
2 June 2025

Badges

🔥 Trending now🥇 Trended No. 1📈 Trended📈 Score: 8,850👾 Exploit Exists🟡 Public PoC🟣 EPSS 75%📰 News Worthy

What is CVE-2025-49113?

CVE-2025-49113 is a remote code execution vulnerability found in Roundcube Webmail, an open-source webmail software widely used for accessing email through a web interface. This vulnerability arises from the improper validation of the _from parameter in a specific URL related to file uploads. As a result, authenticated users can exploit this flaw to execute arbitrary PHP code on the server, potentially compromising the integrity and security of the webmail application and any data associated with it. Organizations using affected versions of Roundcube Webmail may face severe operational disruptions, data loss, and unauthorized access as a direct consequence of this vulnerability.

Potential impact of CVE-2025-49113

  1. Remote Code Execution: The primary impact of CVE-2025-49113 is the ability for authenticated users to execute arbitrary code on the server. This can lead to unauthorized access, modification, or deletion of sensitive data stored within the webmail application.

  2. Data Breach and Information Disclosure: Exploitation of this vulnerability can result in significant data breaches, as attackers could gain access to confidential emails, user credentials, and other personal information. This not only jeopardizes user privacy but also exposes organizations to legal and regulatory repercussions.

  3. Service Disruption: A successful exploit could allow attackers to disrupt services by manipulating webmail functionalities, potentially leading to downtime or loss of service availability, which can significantly affect organizational productivity and service reliability.

Affected Version(s)

Webmail 0 < 1.5.10

Webmail 1.6.0 < 1.6.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-49113-exploit
Created by hakaioffsec

CVE-2025-49113-nuclei-template
Created by Ademking

CVE-2025-49113
Created by SyFi

News Articles

favicon imageSecurity Affairs

Over 80,000 servers hit as roundcube RCE bug gets rapidly exploited

A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers.

2 weeks ago

favicon imageEasyspace

Round Cube Vulnerability

Patching Guidance Due to a vulnerability in Roundcube, both Plesk and cPanel require an update, which should be automatically picked up. However, users are recommended to force the update through. If you need...

2 weeks ago

PoC Code Escalates Roundcube Vuln Threat

The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.

2 weeks ago

References

https://roundcube.net/news/2025/06/01/security-updates-1....
https://github.com/roundcube/roundcubemail/pull/9865
https://github.com/roundcube/roundcubemail/releases/tag/1...

EPSS Score

75% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 🟡

    Public PoC available

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49113 : Remote Code Execution Vulnerability in Roundcube Webmail by Roundcube