Topic: php object deserialization

  • 84,000+ Roundcube Servers at Risk from Active Exploit

    A critical vulnerability (CVE-2025-49113) in Roundcube webmail servers (versions 1.1.0–1.6.10) exposes over 84,000 systems to remote code execution due to improper input sanitization in the `$_GET['_from']` parameter. Attackers can exploit the flaw via CSRF, credential scraping, or brute-force te...

  • Critical Roundcube Webmail Exploit Sold as Tech Details Leak

    A critical vulnerability (CVE-2025-49113) in Roundcube webmail software is being actively exploited, allowing remote code execution after authentication, with a severity rating of 9.9/10. Hackers reverse-engineered the patch and are selling exploits online, targeting Roundcube’s widespread use in...
