CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

June 2, 2025

CVE ID : CVE-2025-49113

Published : June 2, 2025, 5:15 a.m. | 1 hour, 59 minutes ago

Description : Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5429 – Juzaweb CMS Remote Improper Access Control Vulnerability

Next Article CVE-2025-49112 – Valkey TCP/IP Stack Integer Underflow Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CVE-2025-4318 Critical RCE in AWS Amplify Codegen UI

DevSecOps with Agentic AI: Autonomous Security Testing in CI/CD Pipelines

Tell your Project’s Story using Azure DevOps Queries and Dashboards

FydeOS is a ChromiumOS Linux based distribution

React 19: Say Goodbye to useEffect for Data Fetching

Carnegie Mellon University at NeurIPS 2024

CVE-2025-31259 – Apple macOS Sequoia Privilege Escalation Vulnerability

Amazon is selling the M4 Mac Mini at an all-time low price (and I don’t expect it to last)

The tasks college students are using Claude AI for most, according to Anthropic

CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

Related Posts