CVE-2025-49113
Published: 2025-06-02
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Tags: KEV, EXPLOIT
CISA Known Exploited Vulnerability, due 2026-03-13
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | roundcube | < roundcube 1.6.5+dfsg-1+deb12u5 (bookworm) | roundcube 1.6.5+dfsg-1+deb12u5 (bookworm) |
| roundcube | roundcubemail | >= 0 < 1.5.10 | 1.5.10 |
| roundcube | roundcubemail | >= 1.6.0 < 1.6.11 | 1.6.11 |
| roundcube | webmail | < 1.5.10 | 1.5.10 |
| roundcube | webmail | >= 1.6.0 < 1.6.11 | 1.6.11 |
CVSS provenance
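| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vulncheck | — | 9.9 | CRITICAL | — |
| cisa | — | 8.8 | HIGH | — |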
OSV
CVE-2025-49113: Roundcube Webmail before 1
osv·2025-06-02·CVSS 8.8
CVE-2025-49113 [HIGH] CVE-2025-49113: Roundcube Webmail before 1
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
OSV
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
osv·2025-06-02
CVE-2025-49113 [CRITICAL] Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
GHSA
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
ghsa·2025-06-02
CVE-2025-49113 [CRITICAL] CWE-502 Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
VulnCheck
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
vulncheck·2025·CVSS 9.9
CVE-2025-49113 [CRITICAL] CWE-502 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php.
Affected: Roundcube Roundcube Webmail
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://fearsoff.org/research/roundcube; https://cyble.com/blog/weekly-cyble-vulnerability-blog/; https://x.com/ReyXBF/status/1933555211185819835; https://falconfeeds.io/blogs/unmasking-handala-iran-cyber-threat-psyops; https://medium.com/@nshcthreatrecon/
CISA
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
cisa·2026-02-20·CVSS 8.8
CVE-2025-49113 [HIGH] CWE-502 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Vulnerability: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Affected: Roundcube Webmail
RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
Remediation Due
Ubuntu
Roundcube vulnerability
vendor_ubuntu·2025-06-19
CVE-2025-49113 Roundcube vulnerability
Title: Roundcube vulnerability
Summary: Roundcube Webmail could allow remote code execution.
It was discovered that Roundcube Webmail did not properly sanitize the
_from parameter in a URL, leading to PHP Object Deserialization. A remote
attacker could possibly use this issue to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
roundcubemail: Remote Code Execution in Roundcube via Unvalidated _from Parameter
vendor_redhat·2025-06-02·CVSS 9.9
CVE-2025-49113 [CRITICAL] CWE-502 roundcubemail: Remote Code Execution in Roundcube via Unvalidated _from Parameter
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
A flaw was found in Roundcube Webmail. This vulnerability allows remote code execution by authenticated users via PHP object deserialization through unvalidated _from parameter in upload.php.
Statement: Red Hat has evaluated this vulnerability and its related components. No products are affected as Roundcube Webmail is not shipped in the Red Hat Product Portfolio.
Mitigation: To mitigate this vulnerability, update Roundcube Webmail to version 1.5.10 or 1.6.11, which ad
Debian
CVE-2025-49113: roundcube - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execu...
vendor_debian·2025·CVSS 9.9
CVE-2025-49113 [CRITICAL] CVE-2025-49113: roundcube - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execu...
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Scope: local
bookworm: resolved (fixed in 1.6.5+dfsg-1+deb12u5)
bullseye: resolved (fixed in 1.4.15+dfsg.1-1+deb11u5)
forky: resolved (fixed in 1.6.11+dfsg-1)
sid: resolved (fixed in 1.6.11+dfsg-1)
trixie: resolved (fixed in 1.6.11+dfsg-1)
Suricata
ET WEB_SPECIFIC_APPS Roundcube Post-Auth RCE via PHP Object Deserialization (CVE-2025-49113)
suricata·2025-07-14·CVSS 9.9
CVE-2025-49113 [CRITICAL] ET WEB_SPECIFIC_APPS Roundcube Post-Auth RCE via PHP Object Deserialization (CVE-2025-49113)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Roundcube Post-Auth RCE via PHP Object Deserialization (CVE-2025-49113)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"action|3d|upload"; fast_pattern; content:"_from|3d|"; pcre:"/^[^\x26]*?[a-zA-Z]\x3a\x2b?\d+\x3a(?:[a-zA-Z]?\x3a\d+\x3a?\x7b?|\x22[^\x22\x3b\x7b\x7d]*\x22|\x3b|\x7d)+/R"; http.request_body; content:"filename|3d 22|"; pcre:"/^[^\x22]*?preferences_time\x7cb\x3a\d+\x3b/R"; reference:url,fearsoff.org/research/roundcube; reference:cve,2025-49113; classtype:web-application-attack; sid:2063428; rev:1; metadata:affected_product Roundcube, attack_target Server, created_at 2025_07_14, cve CVE_
Exploit-DB
Roundcube 1.6.10 - Remote Code Execution (RCE)
exploitdb·2025-06-13
CVE-2025-49113 Roundcube 1.6.10 - Remote Code Execution (RCE)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization',
'Description' => %q{
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution
by authenticated users because the _from parameter in a URL is not validated
in program/actions/settings/upload.php, leading to PHP Object Deserialization.
An attacker can execute arbitrary system commands as the web server.
},
'Author' => [
'Maksim Rogov', # msf module
'Kirill Firsov', # disclosure and original exploit
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2025-49113'],
['URL', 'https://fe
Nuclei
Roundcube Webmail - Remote Code Execution
nuclei·CVSS 8.8
CVE-2025-49113 [HIGH] Roundcube Webmail - Remote Code Execution
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Template:
id: CVE-2025-49113
info:
  name: Roundcube Webmail - Remote Code Execution
  author: rootxharsh,iamnoooob,pdresearch,Ademking
  severity: critical
  description: |
    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
  impact: |
    Authenticated attackers can exploit unsafe deserialization in file upload handling to execute ar
Metasploit
Roundcube Post-Auth RCE via PHP Object Deserialization
metasploit
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. An attacker can execute arbitrary system commands as the web server.
Checkpoint
2nd March – Threat Intelligence Report
blogs_checkpoint·2026-03-02
CVE-2025-59536 2nd March – Threat Intelligence Report
## 2nd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate the stolen dataset includes HR-related information, including contact details and employment records f
Bleepingcomputer
CISA: Recently patched RoundCube flaws now exploited in attacks
blogs_bleepingcomputer·2026-02-23·CVSS 9.9
[CRITICAL] CISA: Recently patched RoundCube flaws now exploited in attacks
## CISA: Recently patched RoundCube flaws now exploited in attacks
## Sergiu Gatlan
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks.
Roundcube Webmail is a web-based email client that has been the default mail interface for the widely used cPanel web hosting control panel since 2008.
The first vulnerability tagged as actively abused by threat actors is a critical remote code execution flaw tracked as CVE-2025-49113, which was first flagged as exploited days after it was patched in June 2025, when Internet security watchdog Shadowserver warned that over 84,000 vulnerable Roundcube webmail installations were vulnerable to attacks.
Roundcube patched the second one (CVE-2025-68461) tw
Securelist
Exploits and vulnerabilities in Q2 2025
blogs_securelist·2025-08-27·CVSS 8.2
CVE-2025-32433 [HIGH] Exploits and vulnerabilities in Q2 2025
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most common published exploits
Vulnerability exploitation in APT attacks
C2 frameworks
Interesting vulnerabilities
CVE-2025-32433: vulnerability in the SSH server, part of the Erlang/OTP framework
CVE-2025-6218: directory traversal vulnerability in WinRAR
CVE-2025-3052: insecure data access vulnerability in NVRAM, allowing bypass of UEFI signature checks
CVE-2025-49113: insecure deserialization vulnerability in Roundcube Webmail
CVE-2025-1533: stack overflow vulnerability in the AsIO3.sys driver
Conclusion and advice
Authors
Alexander Kolesnikov
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published i
Securelist
Vulnerability landscape analysis for Q2 2025
blogs_securelist·2025-08-27
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Interesting vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverage vulnerabilities in real-world attacks as a means of gaining access to user systems, just like in previous periods.
This report also describes known vulnerabilities used with popular C2 frameworks during the first half of 2025.
## Statistics on registered vulnera
Bleepingcomputer
Hacker steals 1 million Cock.li user records in webmail data breach
blogs_bleepingcomputer·2025-06-17
## Hacker steals 1 million Cock.li user records in webmail data breach
## Bill Toulas
Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records.
The incident exposed all users who had logged in to the mail service since 2016, estimated at 1,023,800 people, along with contact entries for an additional 93,000 users.
Cock.li is a Germany-based free email hosting provider with a privacy-focused ethos and lax moderation policies, run by a single operator known as 'Vincent Canfield' since 2013.
It is promoted as an alternative to mainstream email providers, supporting standard security protocols like SMTP, IMAP, and TLS.
Cock.li is used by people who distrust
Bleepingcomputer
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
blogs_bleepingcomputer·2025-06-09·CVSS 9.9
CVE-2025-49113 [CRITICAL] Over 84,000 Roundcube instances vulnerable to actively exploited flaw
## Over 84,000 Roundcube instances vulnerable to actively exploited flaw
## Bill Toulas
Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit.
The flaw, which impacts Roundcube versions 1.1.0 through 1.6.10, spanning over a decade, was patched on June 1, 2025, following its discovery and reporting by security researcher Kirill Firsov.
The bug stems from unsanitized $_GET['_from'] input, enabling PHP object deserialization and session corruption when session keys begin with an exclamation mark.
Shortly after the patch was released, hackers reverse-engineered it to develop a working exploit, which they sold on underground forums.
Though the exploitation of CVE-2025-49113 requires authentication,
Checkpoint
9th June – Threat Intelligence Report
blogs_checkpoint·2025-06-09
CVE-2025-49113 9th June – Threat Intelligence Report
## 9th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such as Social Security numbers, phone numbers, and home addresses. The attack impacted the company’s servers in a dou
Bleepingcomputer
Hacker selling critical Roundcube webmail exploit as tech info disclosed
blogs_bleepingcomputer·2025-06-05·CVSS 9.9
CVE-2025-49113 [CRITICAL] Hacker selling critical Roundcube webmail exploit as tech info disclosed
## Hacker selling critical Roundcube webmail exploit as tech info disclosed
## Ionut Ilascu
Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution.
The security issue has been present in Roundcube for over a decade and impacts versions of Roundcube webmail 1.1.0 through 1.6.10. It received a patch on June 1st.
It took attackers just a couple of days to reverse engineer the fix, weaponize the vulnerability, and start selling a working exploit on at least one hacker forum.
Roundcube is one of the most popular webmail solutions as the product is included in offers from well-known hosting providers such as GoDaddy, Hostinger, Dreamhost, or OVH.
## "Email armageddon"
CVE-202
Trendmicro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
blogs_trendmicro·2025-01-09·CVSS 9.8
CVE-2024-49113 [CRITICAL] Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Cyber Threats
# Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.
By: Sarah Pearl Camiling
2025/01/09
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:
- CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system.
- CVE-2024-
Trendmicro
What We Know About CVE-2024-49112 and CVE-2024-49113
blogs_trendmicro·2025-01-04·CVSS 9.8
CVE-2024-49112 [CRITICAL] What We Know About CVE-2024-49112 and CVE-2024-49113
Exploits & Vulnerabilities
## What We Know About CVE-2024-49112 and CVE-2024-49113
This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that organizations need to know to stay protected against potential exploitation.
By: Trend Micro, Jan 04, 2025
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.
This blog entry provides an overview of these two vulnerabilities and includes information that IT and SOC professionals need to know.
Greynoiseio
NoiseLetter June 2025
blogs_greynoiseio
https://fearsoff.org/research/roundcube
https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d
https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695
https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e
https://github.com/roundcube/roundcubemail/pull/9865
https://github.com/roundcube/roundcubemail/releases/tag/1.5.10
https://github.com/roundcube/roundcubemail/releases/tag/1.6.11
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script
https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection
http://www.openwall.com/lists/oss-security/2025/06/02/3
https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113
Published: 2025-06-02
Added to CISA KEV: 2026-02-20