Post Date: 2025/06/12

【Vulnerability Alert】Significant Security Vulnerability in Roundcube Mail Server (CVE-2025-49113)

  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000005
    • Roundcube mail server is an open-source webmail client, allowing users to send and receive emails through a browser, and is widely used in various email systems. Recently, the Roundcube development team received a report from a cybersecurity vendor indicating a significant security vulnerability (CVE-2025-49113, CVSS: 9.9) in the system, and a patched update has been released. This vulnerability is a PHP object deserialization flaw, which allows authenticated attackers to remotely execute arbitrary code, posing a threat to the system.
  • Affected Platforms:
    • Roundcube versions 1.1.0 to 1.5.9
    • Roundcube versions 1.6.0 to 1.6.10
  • Suggested Measures:
    • Please update to version 1.6.11 or 1.5.10, or later.

Computer and Communications Center
Network Systems Division