Vulnerabilities

CVE-2025-49113

by Fred · 02/06/2025

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Assigner : cve@mitre.org

More information : http://www.openwall.com/lists/oss-security/2025/06/02/3

Similar

Tags: Cybersecurity Alert