Over 80,000 Roundcube webmail servers are affected by a critical remote code execution vulnerability, CVE-2025-49113, which has been exploited in attacks. The flaw, present in versions 1.1.0 to 1.6.10, is a PHP object injection caused by flawed logic and unsanitized parameters, and it enables threat actors to compromise servers. #RoundcubeVulnerability #CVE2025-49113
Key points
- Over 80,000 insecure Roundcube servers are vulnerable to remote code execution.
- The flaw stems from improper variable evaluation and a lack of parameter sanitization.
- Exploitation requires valid credentials, but these can be obtained through brute force or extracted from logs.
- Exploit code was sold on the dark web shortly after patches were released.
- Cyber campaigns, including spear-phishing, are exploiting related Roundcube flaws for credential theft.
Read More: https://www.securityweek.com/exploited-vulnerability-impacts-over-80000-roundcube-servers/