Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2025-49113

Description

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

POC

Reference

- https://fearsoff.org/research/roundcube

- https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script

- https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection

Github

- https://github.com/00xCanelo/CVE-2025-49113

- https://github.com/0xMarcio/cve

- https://github.com/5kr1pt/Roundcube_CVE-2025-49113

- https://github.com/AC8999/CVE-2025-49113

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/Ademking/CVE-2025-49113-nuclei-template

- https://github.com/Andromeda254/cve

- https://github.com/B1ack4sh/Blackash-CVE-2025-49113

- https://github.com/BiiTts/Roundcube-CVE-2025-49113

- https://github.com/CyberQuestor-infosec/CVE-2025-49113-Roundcube_1.6.10

- https://github.com/Esther7171/THM-Walkthroughs

- https://github.com/Esther7171/TryHackMe-Walkthroughs

- https://github.com/FofaInfo/Awesome-FOFA

- https://github.com/GhostTroops/TOP

- https://github.com/Joelp03/CVE-2025-49113

- https://github.com/LeakForge/CVE-2025-49113

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Sheikhalif087/About-Me

- https://github.com/Shinbatsu/awesome-tryhackme

- https://github.com/Shinbatsu/tryhackme-awesome

- https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP

- https://github.com/SyFi/CVE-2025-49113

- https://github.com/Taamdev/Taamdev

- https://github.com/Threekiii/CVE

- https://github.com/Yuri08loveElaina/CVE-2025-49113

- https://github.com/Zuack55/Roundcube-1.6.10-Post-Auth-RCE-CVE-2025-49113-

- https://github.com/Zwique/CVE-2025-49113

- https://github.com/a-s-m-asadujjaman/exploitables

- https://github.com/a1batr0ssG/VulhubExpand

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/blacks1ph0n/ctf-free-rooms

- https://github.com/damarant/CTF

- https://github.com/evildevill/evildevill

- https://github.com/fearsoff-org/CVE-2025-49113

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/hackmelocal/CVE-2025-49113-Simulation

- https://github.com/hakaioffsec/CVE-2025-49113-exploit

- https://github.com/issamjr/CVE-2025-49113-Scanner

- https://github.com/l4f2s4/CVE-2025-49113_exploit_cookies

- https://github.com/lcfr-eth/exploits

- https://github.com/mridulchamoli93/htb-md-

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/punitdarji/roundcube-cve-2025-49113

- https://github.com/rasool13x/exploit-CVE-2025-49113

- https://github.com/rishabatra1802/TryHackMe_FreeRooms

- https://github.com/rxerium/CVE-2025-49113

- https://github.com/rxerium/stars

- https://github.com/tanjiti/sec_profile

- https://github.com/thexnumb/thexwriteup

- https://github.com/w4zu/Debian_security

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zxarj/wxvl