Tuesday , June 10 2025
Roundcube

84,000+ Roundcube instances vulnerable to actively exploited flaw

More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that comes with an available public exploit. The flaw in Roundcube (versions 1.1.0 to 1.6.10) was discovered by Kirill Firsov and was patched on June 1, 2025.

The bug stems from unsanitized $_GET[‘_from’] input, enabling PHP object deserialization and session corruption when session keys begin with an exclamation mark.

84,000+ Roundcube instances vulnerable to actively exploited flaw

More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that...
Read More
84,000+ Roundcube instances vulnerable to actively exploited flaw

CVE-2025-24016
Critical Wazuh RCE Actively Exploited by Mirai Botnets

The Security Intelligence and Response Team (SIRT) at Akamai has found that multiple Mirai-based botnets are exploiting CVE-2025-24016, a critical...
Read More
CVE-2025-24016  Critical Wazuh RCE Actively Exploited by Mirai Botnets

CISA Issues Seven Advisories for Industrial Control Systems (ICS)

On June 5, 2025, CISA released seven advisories regarding Industrial Control Systems (ICS) that highlight current security issues, vulnerabilities, and...
Read More
CISA Issues Seven Advisories for Industrial Control Systems (ICS)

ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware

A new social engineering attack uses familiar security checks to trick users into downloading malware via fake Cloudflare verification pages....
Read More
ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware

Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and...
Read More
Fortinet flaws now exploited in Qilin ransomware attacks

Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI

Cisco fixed a critical vulnerability in the Identity Services Engine (ISE) that could let unauthorized attackers carry out harmful actions....
Read More
Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI

App builiding platform exposes over 3 million records, including PII

Cybersecurity researcher Jeremiah Fowler discovered an unprotected database with 3,637,107 records likely from a no-code app-building platform. The unprotected database,...
Read More
App builiding platform exposes over 3 million records, including PII

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Soon after the patch was out, hackers created a working exploit by reverse-engineering it and sold it on underground forums.

Though CVE-2025-49113 needs authentication to exploit, attackers assert they can acquire valid credentials using CSRF, log scraping, or brute-force methods.

Firsov shared technical details about the flaw on his blog to help defend against active exploitation attempts that are very likely to occur.

Massive exposure:

Roundcube is commonly used by web hosting providers and in sectors like government, education, and tech, with over 1,200,000 instances visible online.

As of June 8, 2025, The Shadowserver Foundation reports 84,925 vulnerable Roundcube instances related to CVE-2025-49113.

The majority of instances are located in the United States (19,500), India (15,500), Germany (13,600), France (3,600), Canada (3,500), and the United Kingdom (2,400). The risk of exploitation and data theft makes this a serious cybersecurity issue. Admins should upgrade to versions 1.6.11 and 1.5.10 to fix CVE-2025-49113 promptly.

Bleepingcomputer reported, It is unclear if the flaw is being leveraged in actual attacks and at what scale, but immediate action is advised nonetheless.

If upgrading is impossible, it is recommended to restrict access to webmail, turn off file uploads, add CSRF protection, block risky PHP functions, and monitor for exploit indicators.

Check Also

ISE

Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI

Cisco fixed a critical vulnerability in the Identity Services Engine (ISE) that could let unauthorized …

Leave a Reply

Your email address will not be published. Required fields are marked *