Executive Summary

Information
Name : CVE-2025-49113
Vendor : Cve
First vendor Publication : 2025-06-02
Last vendor Modification : 2025-06-09

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113

Sources (Detail)

http://www.openwall.com/lists/oss-security/2025/06/02/3
https://fearsoff.org/research/roundcube
https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c...
https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018...
https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008...
https://github.com/roundcube/roundcubemail/pull/9865
https://github.com/roundcube/roundcubemail/releases/tag/1.5.10
https://github.com/roundcube/roundcubemail/releases/tag/1.6.11
https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

Alert History

Date Information
2025-06-09 09:20:34
  • Multiple Updates
2025-06-03 02:35:04
  • Multiple Updates
2025-06-03 02:35:02
  • Multiple Updates
2025-06-03 00:20:33
  • Multiple Updates
2025-06-02 17:20:35
  • Multiple Updates
2025-06-02 13:20:42
  • First insertion