Information Disclosure Vulnerability in Roundcube Webmail by Roundcube
CVE-2025-68460

7.2 HIGH

Key Information:

Vendor: Roundcube

Status
Vendor
CVE Published: 18 December 2025

What is CVE-2025-68460?

Roundcube Webmail versions prior to 1.5.12, and 1.6 versions prior to 1.6.12, are susceptible to an information disclosure issue in the HTML style sanitizer. The vulnerability could allow unauthorized access to sensitive information. Update to the latest versions to secure your webmail application.

Affected Version(s)

Webmail 0 < 1.5.12

Webmail 1.6.0 < 1.6.12

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
