The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog with two critical security issues affecting the Roundcube webmail platform. These vulnerabilities, which have been actively exploited, necessitate immediate attention from cybersecurity professionals.
Details of the Identified Flaws
The first vulnerability, identified as CVE-2025-49113, holds a CVSS score of 9.9. This serious issue involves the deserialization of untrusted data, enabling remote code execution by authenticated users due to the lack of validation on the _from parameter within a specific URL. This flaw was addressed in a security patch released in June 2025.
Another flaw, CVE-2025-68461, presents a cross-site scripting vulnerability through the animate tag in SVG documents. Although it has a lower CVSS score of 7.2, it remains a significant concern, having been rectified in a December 2025 update.
Discovery and Exploitation
FearsOff, a cybersecurity firm based in Dubai, was instrumental in uncovering CVE-2025-49113. The company’s founder, Kirill Firsov, reported that the vulnerability was exploited within 48 hours of its public disclosure, with exploits becoming available for purchase shortly thereafter.
Firsov highlighted the ease of triggering this vulnerability on standard installations and noted its presence in the codebase for over a decade. Although the specific actors exploiting these flaws remain unidentified, previous attacks on Roundcube have involved nation-state groups such as APT28 and Winter Vivern.
Urgent Remediation Required
The Federal Civilian Executive Branch (FCEB) agencies have been mandated to address these vulnerabilities by March 13, 2026. This directive is part of a broader effort to safeguard networks from these active threats.
In light of these developments, organizations using Roundcube are urged to apply the necessary patches and review their security measures to prevent potential breaches.
As cyber threats continue to evolve, it is crucial for entities to stay informed and proactive in their security strategies to mitigate the risks associated with such vulnerabilities.
