CISA added two actively exploited Roundcube vulnerabilities (CVE-2025-49113 and CVE-2025-68461) to its Known Exploited Vulnerabilities catalog after observing evidence of active exploitation. CVE-2025-49113 allows authenticated remote code execution and was weaponized within 48 hours of disclosure, and federal agencies must remediate the flaws by March 13, 2026 to protect FCEB networks. #Roundcube #CVE-2025-49113 #CVE-2025-68461 #CISA
Key points
- CISA added two Roundcube vulnerabilities to the KEV catalog due to active exploitation.
- CVE-2025-49113 is a deserialization flaw permitting authenticated remote code execution via the _from parameter in upload.php (CVSS 9.9).
- CVE-2025-68461 is a cross-site scripting vulnerability triggered by the animate tag in an SVG (CVSS 7.2).
- Researchers say CVE-2025-49113 was weaponized within 48 hours of disclosure and an exploit was offered for sale on June 4, 2025.
- FCEB agencies must remediate by March 13, 2026; attribution is unknown, though past Roundcube flaws have been used by APT28 and Winter Vivern.
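Since the summary names the vector for CVE-2025-49113 as the `_from` parameter of Roundcube's upload handler, a defender's first question is whether that handler has been hit with values it should never see. The script below is an added example written for this page, not code from the article, CISA or the Roundcube project: it parses combined-format web access logs (constructed sample lines, not a real server's), identifies upload requests, and flags any `_from` value that does not look like a plain token. The assumptions are that upload requests are recognisable either by `upload.php` in the path or by `_action=upload` in the query string, and that a benign `_from` value is a short run of letters, digits, underscores and dashes; tune `SAFE_FROM_RE` to what your own baseline shows.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format, not from any real host).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Feb/2026:10:01:02 +0000] "POST /roundcube/?_task=mail&_action=upload&_from=compose-1 HTTP/1.1" 200 512
203.0.113.11 - - [12/Feb/2026:10:02:14 +0000] "POST /roundcube/program/actions/mail/upload.php?_from=a%20b%21 HTTP/1.1" 200 512
203.0.113.12 - - [12/Feb/2026:10:03:30 +0000] "GET /roundcube/?_task=mail&_action=list HTTP/1.1" 200 2048
203.0.113.13 - - [12/Feb/2026:10:04:45 +0000] "POST /roundcube/?_task=mail&_action=upload HTTP/1.1" 200 512
"""

# Combined-log-format fields we care about: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: a benign _from value is a short token of word characters and dashes.
SAFE_FROM_RE = re.compile(r'^[A-Za-z0-9_-]{1,64}$')


def parse_line(line):
    """Return the captured fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_upload_request(url):
    """True for Roundcube upload requests, recognised either by the upload.php
    script in the path or by _action=upload in the query (assumption about routing)."""
    parts = urlsplit(url)
    if parts.path.endswith('upload.php'):
        return True
    qs = parse_qs(parts.query)
    return qs.get('_action', [''])[0] == 'upload'


def triage(lines):
    """Return (client, timestamp, decoded _from value, status) for every upload
    request whose _from value falls outside the expected token shape."""
    flagged = []
    for line in lines:
        rec = parse_line(line)
        if not rec or not is_upload_request(rec['url']):
            continue
        # parse_qs percent-decodes, so the check runs on what the application sees.
        qs = parse_qs(urlsplit(rec['url']).query, keep_blank_values=True)
        for value in qs.get('_from', []):
            if not SAFE_FROM_RE.match(value):
                flagged.append((rec['client'], rec['ts'], value, rec['status']))
    return flagged


if __name__ == '__main__':
    for client, ts, value, status in triage(SAMPLE_LOG.splitlines()):
        print(f'{ts} {client} upload request with unexpected _from={value!r} (HTTP {status})')
```

One caveat matters for this vector: access logs record only the query string, so a `_from` value sent in a POST body never reaches this script. Treat a clean result as "nothing in the query string", not "nothing happened", and pair the check with request-body logging at the proxy or WAF and, above all, with confirming the installed Roundcube version is patched.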
Read More: https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html