CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

June 2, 2025

CVE ID : CVE-2025-49113

Published : June 2, 2025, 5:15 a.m. | 1 hour, 59 minutes ago

Description : Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5429 – Juzaweb CMS Remote Improper Access Control Vulnerability

Next Article CVE-2025-49112 – Valkey TCP/IP Stack Integer Underflow Vulnerability

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

CISA Warns of Vulnerabilities in ControlID iDSecure Software Allowing Authentication Bypass

CVE-2025-6118 – Das Parking Management System SQL Injection Vulnerability

CVE-2025-34046 – Fanwei E-Office Unauthenticated Remote Code Execution File Upload Vulnerability

Qualcomm fixes three Adreno GPU zero-days exploited in attacks

Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild

CVE-2024-40114 – Sitecom WLX-2006 Wall Mount Range Extender XSS Language Cookie Manipulation

CVE-2025-43200 – Apple WatchOS/IOS/MacOS/iPadOS/VisionOS Photo/Video Processing Logic Vulnerability

CVE-2025-50491 – PHPGurukul Bank Locker Management System Session Hijacking Vulnerability

CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

Related Posts