The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of two vulnerabilities in the popular RoundCube Webmail application. These vulnerabilities have been exploited in real-world attacks, posing significant risks to both government and enterprise networks.
Details on the Vulnerabilities
RoundCube Webmail, a widely used email client, has become a target for cybercriminals. The exploitation of its vulnerabilities soon after their public disclosure is a notable trend. One such vulnerability, identified as CVE-2025-49113, is a critical post-authentication remote code execution (RCE) flaw. This vulnerability, which scored 9.9 in the Common Vulnerability Scoring System (CVSS), was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog recently.
The RCE issue affects all RoundCube versions from 1.1.0 to 1.6.10, allowing malicious actors to inject harmful data into active sessions by embedding payloads in file names. Although the defect was patched on June 1, 2025, attackers quickly developed exploit code, leveraging brute force techniques to gain necessary credentials.
Additional Vulnerability in Focus
In addition to CVE-2025-49113, another vulnerability, CVE-2025-68461, has been actively exploited. This high-severity flaw, addressed in December 2025, involves a cross-site scripting (XSS) issue. The vulnerability, which has a CVSS score of 7.2, could be exploited using the animate tag in an SVG document within Webmail versions 1.6.12 and 1.5.12.
The affected versions failed to properly sanitize malicious payloads embedded in the animate tag, enabling attackers to execute arbitrary code in the victim’s browser session without any user interaction.
Urgent Action Required
CISA has urgently advised federal agencies to work on patching these RoundCube vulnerabilities within a three-week timeframe, as directed by Binding Operational Directive 22-01. It is crucial for all organizations to consult CISA’s KEV catalog and prioritize the remediation of the security issues listed.
Effective patch management and timely updates are essential to mitigate the risks associated with these vulnerabilities. Organizations should ensure that all deployed software versions are up-to-date and secure against potential exploitation.
Staying informed about newly discovered vulnerabilities and promptly applying patches can significantly reduce the risk of cyber attacks targeting key systems and data.
