Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Roundcube RCE Flaw Risks 84,000 Servers

June 10, 2025
Reading Time: 2 mins read
in Alerts
New Skitnet Malware Arms Ransomware Gangs

Security researchers have now identified a critical vulnerability in Roundcube Webmail that affects over 84,000 unpatched installations worldwide. This significant vulnerability, designated as CVE-2025-49113, enables authenticated attackers to remotely execute arbitrary code on the affected servers. It currently impacts all Roundcube versions from 1.1.0 through 1.6.10, representing a very serious threat to millions of webmail users. The popular webmail client is bundled by major hosting providers like GoDaddy and is also used by many universities and government agencies. This widespread adoption has unfortunately created what security researchers now describe as an “industrial scale” attack surface for many threat actors.

The critical vulnerability stems from a specific security flaw that is located in Roundcube’s session handling mechanism within a deserialization function. The underlying technical issue involves the improper parsing of session data when certain variable names begin with an exclamation mark (!). This specific condition causes the deserialization process to incorrectly shift its pointer positions, which ultimately corrupts the user’s session data. This created session corruption then creates significant opportunities for attackers to successfully launch PHP object injection attacks on the vulnerable server. These object injection attacks are what can ultimately lead to remote code execution, giving attackers full control over the compromised system.

Attackers can actively exploit this particular vulnerability through Roundcube’s standard file upload functionality by manipulating certain request parameters and filenames. The exploitation technique is known to successfully bypass typical Web Application Firewall (WAF) detection and only requires valid user credentials to execute. Shortly after the official patch was released on June 1st, hackers had already reverse-engineered it to develop a working exploit. This exploit was reportedly fully weaponized within forty-eight hours of the patch becoming public and was sold on various underground forums. The vulnerability’s rapid weaponization prompted security researchers to accelerate their own public disclosure of all the important technical details about it.

The Shadowserver Foundation now reports that as of June 8th, its internet scans still found nearly 85,000 Roundcube instances vulnerable. Most of these currently exposed instances are located in the United States, India, Germany, France, Canada, and also the United Kingdom. System administrators are therefore strongly recommended to update their systems to the new patched versions 1.6.11 and 1.5.10 as soon as possible. Organizations that are running any of the vulnerable versions are considered to be “sitting ducks” for potential exploitation by attackers. If immediate upgrading is impossible for them, it is recommended to restrict access to webmail and carefully monitor for any exploit indicators.

Reference:

  • Hackers Weaponize Critical Roundcube Webmail Flaw Affecting 84,000 Servers
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJune 2025
ADVERTISEMENT

Related Posts

BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025
FBI Issues Warning on Spoofed IC3 Website

FBI Issues Warning on Spoofed IC3 Website

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

Infostealer Hits macOS Users Widely

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

SonicWall Warns Reset After Exposure

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial