Over 84,000 Roundcube Instances Vulnerable to Actively Exploited Flaw

Over 84,000 Roundcube instances vulnerable to actively exploited flaw

Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit.

Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603)

Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.  The eMagicOne Store Manager for WooCommerce plugin is in WordPr…

Over 84,000 Roundcube Instances Vulnerable To Actively Exploited Flaw - Cybernoz - Cybersecurity News

Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 through 1.6.10, spanning over a decade, was patched on June 1, 2025, following its discovery and reporting by security researcher Kirill Firsov. The bug stems from unsanitized $_GET[‘_from’] input, enabling PHP object deserialization and session corruptio…

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) - Help Net Security

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowserver Foundation, there is no lack of possible targets: around 84,000 internet-facing installations – predominantly in Europe, Asia, and North America – are still unpatched. What is Roundcube?…