Roundcube

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-49113 CRITICAL POC KEV PATCH THREAT Act Now

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes.

Roundcube PHP RCE Deserialization Authentication Bypass +4

NVD GitHub Exploit-DB

CVSS 3.1

9.9

EPSS

90.4%

Threat

7.7

CVE-2025-49113

EPSS 90% 7.7 CVSS 9.9

CRITICAL POC KEV PATCH THREAT Act Now

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes.

Roundcube PHP RCE +6

NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy