An urgent security threat has been identified impacting users of the popular open-source webmail software, Roundcube. A critical vulnerability, tracked as CVE-2025-49113, allows attackers to achieve remote code execution on affected servers. This means an attacker could potentially take complete control of the server hosting Roundcube simply by sending a specially crafted email.
This vulnerability is particularly dangerous because it does not require any user interaction beyond receiving the malicious email. It lies in how Roundcube processes email attachments or specific email headers, leveraging a weakness related to PHP’s deserialization functionality (specifically phar streams).
Intelligence gathered from cybersecurity channels suggests that this vulnerability is likely to be exploited in widespread attacks imminently. Threat actors are actively discussing and potentially preparing exploits for this flaw.
The impact of successful exploitation is severe, granting attackers the ability to execute arbitrary commands on the server, leading to data breaches, service disruption, or further penetration into the network.
Recognizing the severity and the potential for imminent exploitation, the developers of Roundcube have released patches to address this critical security flaw.
The vulnerability affects Roundcube versions before 1.6.6 and 1.5.x versions before 1.5.6.
To mitigate this significant risk, it is imperative that administrators running Roundcube installations update their software to version 1.6.6 or 1.5.6 (or later versions) immediately. Delaying the update could leave servers exposed to remote code execution attacks. Due to the ease of exploitation and the credible threat of imminent attacks, this security update should be treated with the highest priority. Ensure your Roundcube installation is patched without delay to protect against this severe vulnerability.
Source: https://www.helpnetsecurity.com/2025/06/09/roundcube-rce-dark-web-activity-signals-imminent-attacks-cve-2025-49113/
