CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

June 2, 2025

CVE ID : CVE-2025-49113

Published : June 2, 2025, 5:15 a.m. | 1 hour, 59 minutes ago

Description : Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5429 – Juzaweb CMS Remote Improper Access Control Vulnerability

Next Article CVE-2025-49112 – Valkey TCP/IP Stack Integer Underflow Vulnerability

Highlights

CVE-2025-46567 – LLaMA Factory Deserialization Command Execution Vulnerability

May 1, 2025

CVE ID : CVE-2025-46567

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

7 reasons The Division 2 is a game you should be playing in 2025

Mastering TypeScript: How Complex Should Your Types Be?

Mastering TypeScript: How Complex Should Your Types Be?

IDMC – CDI Best Practices

PWC-IDMC Migration Gaps

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

High-Severity Flaw in MIM Medical Imaging Software Allows Code Execution!

Amazon Alerts: High-Severity FreeRTOS-Plus-TCP Flaw Needs Immediate Patch!

How to Speed Up Website Loading by Removing Extra Bits and Bytes

CVE-2025-45021 – PHPGurukul Directory Management System SQL Injection

CVE-2025-40626 – AbanteCart Reflected Cross-Site Scripting (XSS)

CVE-2025-45542 – CloudClassroom-PHP-Project SQL Injection Vulnerability

CVE-2025-46567 – LLaMA Factory Deserialization Command Execution Vulnerability

Tired of Flaky Tests? How Playwright Ensures Reliable and Scalable Automation

CVE-2025-21467 – Cisco Router Buffer Overflow

All the buzz of ChatGPTâ€™s Voice Mode from OpenAIâ€™s Spring Update is going down the drain

CVE-2025-49113 – Roundcube Webmail PHP Object Deserialization Vulnerability

Related Posts