
Curated CVE Watch - CISA Known Exploited Vulnerabilities

  • Feb 21

Key Findings:


  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting the Roundcube Webmail platform to its Known Exploited Vulnerabilities (KEV) catalog.

  • The vulnerabilities are:

      • CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution by an authenticated user.

      • CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting (XSS) vulnerability triggered through the "animate" element of an SVG document.

  • Roundcube Webmail has been a recurring target of advanced threat groups such as APT28 and Winter Vivern, who have exploited webmail flaws to steal login credentials and spy on sensitive communications.

  • The critical CVE-2025-49113 flaw went unnoticed for over a decade, requires only an authenticated webmail account to exploit, and can be reliably exploited on default Roundcube installations.


Background


Roundcube is a popular webmail platform that has been repeatedly targeted by malicious actors. The two vulnerabilities added to CISA's KEV catalog have been abused in the past to compromise systems and gain access to sensitive data.


CVE-2025-49113: Deserialization of Untrusted Data Vulnerability


  • This flaw, with a CVSS score of 9.9, allows remote code execution by authenticated users: the "_from" parameter handled by the "program/actions/settings/upload.php" script is not validated, which leads to PHP object deserialization of attacker-controlled data.

  • Kirill Firsov, founder and CEO of FearsOff, discovered the vulnerability, which had gone unnoticed for over a decade.

  • Researchers at Positive Technologies reproduced the vulnerability, and a working exploit was reportedly offered for sale shortly after disclosure, so any unpatched, internet-facing instance should be treated as exposed.

  • Roundcube has addressed this vulnerability in versions 1.6.11 and 1.5.10 LTS.


CVE-2025-68461: Cross-Site Scripting Vulnerability


  • This flaw, with a CVSS score of 7.2, allows the injection of malicious scripts via the "animate" element of an SVG document, for example one embedded in an HTML email, so that the script executes in the victim's webmail session when the message is rendered.

  • The vulnerability affects Roundcube Webmail versions before 1.5.12 and 1.6.12, and has also been patched by the vendor.
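The post only names the vector ("animate" in an SVG document), so the following is an added example of the general class, not Roundcube's code or a reproduction of the Roundcube issue. SVG animation elements (animate, set, animateTransform, animateMotion) can rewrite another element's attribute at render time, so a sanitizer that inspects an href once, at parse time, never sees the javascript: URL that the animation swaps in. The detector below, built on Python's standard html.parser, flags animation elements inside SVG that target URL attributes or carry script URLs, and reports alongside it what a one-shot href check would have caught. Both message bodies are constructed for this example; the element and attribute names are standard SVG.

```python
"""
Added example (not from the original post or the Roundcube code base): detect
the SVG animation XSS pattern described above. A sanitizer that checks attribute
values once, at parse time, can be bypassed by an <animate> or <set> element
that rewrites the attribute (for example an href) to a javascript: URL when the
SVG is rendered. The two message bodies below are constructed samples.
"""
from html.parser import HTMLParser

# SVG elements that change another element's attributes at render time.
ANIMATION_TAGS = {"animate", "set", "animatetransform", "animatemotion"}
# Attributes whose value is treated as a URL and can therefore execute script.
URL_ATTRS = ("href", "xlink:href")
# Attributes of an animation element that carry the replacement value(s).
VALUE_ATTRS = ("values", "to", "from", "by")


def is_script_url(value):
    """True for javascript: URLs, including ones padded with whitespace or
    control characters that browsers ignore inside the scheme. Deliberately
    over-matches: a detector should err towards flagging."""
    cleaned = "".join(c for c in value.lower() if not c.isspace() and c.isprintable())
    return cleaned.startswith("javascript:")


class _SvgScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.svg_depth = 0
        self.findings = []            # animation elements able to inject script
        self.static_script_urls = 0   # what a one-shot href check would catch

    def handle_starttag(self, tag, attrs):
        attrs = {name.lower(): (value or "") for name, value in attrs}
        if tag == "svg":
            self.svg_depth += 1
        # The naive check: inspect URL attributes as they appear in the source.
        for name in URL_ATTRS:
            if name in attrs and is_script_url(attrs[name]):
                self.static_script_urls += 1
        if self.svg_depth == 0 or tag not in ANIMATION_TAGS:
            return
        target = attrs.get("attributename", "")
        replacements = [
            part.strip()
            for name in VALUE_ATTRS if name in attrs
            for part in attrs[name].split(";")   # 'values' is a ;-separated list
        ]
        if target in URL_ATTRS or any(is_script_url(v) for v in replacements):
            self.findings.append({"tag": tag, "attributeName": target,
                                  "replacements": replacements})

    def handle_endtag(self, tag):
        if tag == "svg" and self.svg_depth:
            self.svg_depth -= 1


def scan_svg_animations(html):
    """Return (findings, static_script_urls) for an untrusted HTML body."""
    scanner = _SvgScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings, scanner.static_script_urls


def render_decision(html):
    """Policy for a webmail renderer: block any SVG whose animation elements
    target URL attributes or carry script URLs."""
    findings, _ = scan_svg_animations(html)
    return "block" if findings else "allow"


# Constructed sample: the static href is harmless, the animation swaps it.
MALICIOUS_MESSAGE = """<p>Invoice attached</p>
<svg xmlns="http://www.w3.org/2000/svg" width="200" height="50">
  <a href="https://example.invalid/invoice">
    <text x="10" y="30">open invoice</text>
    <animate attributeName="href" values="javascript:alert(document.cookie)" begin="0s"/>
  </a>
</svg>"""

# Constructed sample: animation of a geometric attribute, no URL involved.
BENIGN_MESSAGE = """<svg xmlns="http://www.w3.org/2000/svg">
  <circle cx="10" cy="10" r="5"><animate attributeName="r" values="5;10;5" dur="1s"/></circle>
</svg>"""

if __name__ == "__main__":
    for label, body in (("malicious", MALICIOUS_MESSAGE), ("benign", BENIGN_MESSAGE)):
        findings, static_hits = scan_svg_animations(body)
        print(f"{label}: static href check flagged {static_hits}, "
              f"animation-aware check flagged {len(findings)} -> {render_decision(body)}")
```

Run stand-alone, the malicious sample shows the static href check flagging nothing while the animation-aware check flags the animate element and blocks rendering; the benign sample, which only animates a radius, is allowed. In a real mail renderer the simplest hardening is the one the policy function encodes: drop SVG animation elements from untrusted HTML altogether rather than trying to reason about what they may rewrite.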


Impact and Remediation


  • These vulnerabilities pose a significant risk to organizations using Roundcube Webmail, as they have been actively exploited by advanced threat actors.

  • CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to address these vulnerabilities by March 10, 2026, to protect their networks.

  • Private organizations are also strongly advised to review the KEV catalog and apply the necessary patches to their Roundcube installations.
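Checking whether an installation is covered by the fixed releases named above is less trivial than a plain version comparison, because Roundcube maintains two branches: 1.5.12 is patched for both CVEs even though it sorts below 1.6.11. The script below is an added example, not the project's own tooling, and encodes only the fixed versions stated in this post. It assumes that Roundcube declares its version as RCMAIL_VERSION in program/include/iniset.php; the PHP fragment embedded in it is constructed to match that shape.

```python
"""
Added example (not from the original post or the Roundcube project): decide
whether an installed Roundcube version still lacks the fixes named above.

Assumptions: fixed versions are those stated in the post (1.5.10 / 1.6.11 for
CVE-2025-49113, 1.5.12 / 1.6.12 for CVE-2025-68461), and Roundcube defines its
version as RCMAIL_VERSION in program/include/iniset.php.
"""
import re
import sys
from pathlib import Path

# CVE -> {branch: first fixed release on that branch}, from the post above.
FIXES = {
    "CVE-2025-49113": {(1, 5): (1, 5, 10), (1, 6): (1, 6, 11)},
    "CVE-2025-68461": {(1, 5): (1, 5, 12), (1, 6): (1, 6, 12)},
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """'1.6.9' or '1.5.10-git' -> (1, 6, 9) / (1, 5, 10); ValueError otherwise."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Roundcube version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version, cve):
    """Branch-aware comparison: 1.5.12 is fixed although 1.5.12 < 1.6.11."""
    fixed_by_branch = FIXES[cve]
    branch = version[:2]
    if branch in fixed_by_branch:
        return version < fixed_by_branch[branch]
    # Branches newer than the newest fixed one ship after the fix; older
    # branches (1.4 and earlier) are out of support and never received it.
    return branch < max(fixed_by_branch)


def unpatched_cves(version_text):
    """List the KEV entries an installation at this version is still missing."""
    version = parse_version(version_text)
    return [cve for cve in FIXES if is_vulnerable(version, cve)]


def version_from_iniset_source(php_source):
    """Pull RCMAIL_VERSION out of iniset.php contents (assumed location/shape)."""
    match = re.search(r"define\(\s*'RCMAIL_VERSION'\s*,\s*'([^']+)'", php_source)
    if not match:
        raise ValueError("RCMAIL_VERSION not found")
    return match.group(1)


def version_from_iniset_file(path):
    return version_from_iniset_source(
        Path(path).read_text(encoding="utf-8", errors="replace"))


# Constructed fragment in the shape of program/include/iniset.php (assumption).
SAMPLE_INISET = """<?php
// constructed sample, not the real file
define('RCMAIL_VERSION', '1.6.9');
"""

if __name__ == "__main__":
    # Usage: python roundcube_kev_check.py 1.6.9
    #        python roundcube_kev_check.py /var/www/roundcube/program/include/iniset.php
    arg = sys.argv[1] if len(sys.argv) > 1 else version_from_iniset_source(SAMPLE_INISET)
    version = version_from_iniset_file(arg) if arg.endswith(".php") else arg
    missing = unpatched_cves(version)
    status = f"unpatched for {', '.join(missing)}" if missing else "patched for both KEV entries"
    print(f"Roundcube {version}: {status}")
```

Pointing the script at an instance's iniset.php, or at the version string shown in the webmail "About" dialog, gives a branch-correct answer for each KEV entry. For fleet-wide use, run it against every Roundcube document root rather than trusting a single version string, since packaged and manually installed copies often coexist on the same host.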


Sources


  • https://securityaffairs.com/188324/security/u-s-cisa-adds-roundcube-webmail-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html

  • https://windowsforum.com/threads/cisa-adds-roundcube-cves-to-kev-catalog-patch-webmail-now.402775/

  • https://cve.anggipradana.com/

© 2025 by Explain IT Again. Powered and secured by Wix
