🔥 This vulnerability is being actively exploited in the wild (listed in the CISA Known Exploited Vulnerabilities catalog)
CVE-2025-49113: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Summary
RoundCube Webmail contains a deserialization-of-untrusted-data flaw (the application unserializes data an attacker can shape, which in PHP can be turned into arbitrary code execution) in its settings upload action. The `_from` URL parameter is not validated in program/actions/settings/upload.php, so crafted input reaches a PHP object deserialization. Any authenticated user (anyone holding a valid webmail login, including a phished or stuffed one) can exploit this for remote code execution, running attacker-chosen code on the mail server. Versions before 1.5.10 and 1.6.x before 1.6.11 are affected, and the flaw is being exploited in real-world attacks.
Solution / Mitigation
Upgrade to RoundCube Webmail 1.6.11 (1.6 branch) or 1.5.10 (1.5 branch), following the vendor advisory at https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10. Because the vulnerable code path is reachable by any authenticated user, compromised credentials are all an attacker needs, so treat unpatched internet-facing instances as exposed. Where an upgrade is not possible, follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product.
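The following is an added example, not code from the advisory or from the Roundcube project. It covers the two checks a practitioner wants after reading the summary and the mitigation above: whether an installed version falls inside the affected ranges stated here (1.5.x before 1.5.10, 1.6.x before 1.6.11, and anything older than 1.5 since "before 1.5.10" covers it), and a triage pass over web-server access logs for settings-upload requests whose `_from` value looks abnormal. The allow-list pattern for `_from` is our own conservative assumption (a short identifier of letters, digits, `_` and `-`), not the project's patch; the log lines are constructed Apache combined-format samples, and the odd-looking `_from` value is constructed to resemble an injected serialized object, not the published exploit.

```python
"""Triage helpers for CVE-2025-49113 (RoundCube `_from` deserialization).

Added example; not from the advisory or the Roundcube project. Assumptions:
 - affected ranges follow the advisory: 1.5.x before 1.5.10, 1.6.x before
   1.6.11, and anything older than 1.5 (covered by "before 1.5.10");
 - SAFE_FROM is our own allow-list for `_from`, not the upstream fix;
 - SAMPLE_LOG lines are constructed, not real traffic or a real payload.
"""
import re
from urllib.parse import parse_qs, urlsplit

# First fixed patch level per affected branch, per the advisory.
FIXED = {(1, 5): 10, (1, 6): 11}


def parse_version(text):
    """Turn '1.6.10' (optionally with a suffix) into (1, 6, 10)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Roundcube version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when the version is inside the advisory's affected ranges."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Older than 1.5 falls under "before 1.5.10"; newer branches are
    # outside the range the advisory states, so they are not flagged.
    return branch < (1, 5)


# Apache combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)
# Assumed allow-list: a plain identifier. Anything else is worth a look.
SAFE_FROM = re.compile(r"^[A-Za-z0-9_-]+$")


def suspicious_upload(line):
    """Return (ip, decoded _from) for a settings-upload request whose
    `_from` falls outside the allow-list; None for everything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlsplit(m["target"]).query)  # percent-decodes values
    if qs.get("_task", [""])[0] != "settings":
        return None
    if qs.get("_action", [""])[0] != "upload":
        return None
    for value in qs.get("_from", []):
        if not SAFE_FROM.match(value):
            return (m["ip"], value)
    return None


def triage(lines):
    """Collect every suspicious settings-upload hit from an iterable of log lines."""
    return [hit for hit in (suspicious_upload(ln) for ln in lines) if hit]


# Constructed sample log lines (not real traffic). The second `_from` value
# decodes to !x|O:8:"stdClass":0:{} and is made up to look like a serialized
# PHP object being smuggled in; it is not the real exploit payload.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jun/2025:10:15:01 +0000] "POST /roundcube/?_task=settings'
    '&_action=upload&_from=edit-response HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Jun/2025:10:15:02 +0000] "POST /roundcube/?_task=settings'
    '&_action=upload&_from=%21x%7CO%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1"'
    ' 200 512 "-" "python-requests/2.32"',
    '198.51.100.4 - - [03/Jun/2025:10:16:00 +0000] "GET /roundcube/?_task=mail'
    '&_mbox=INBOX HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for v in ("1.5.9", "1.5.10", "1.6.10", "1.6.11"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for ip, value in triage(SAMPLE_LOG):
        print(f"suspicious settings upload from {ip}: _from={value!r}")
```

Run it against your real access log with `triage(open(path))`; a hit is not proof of compromise, but a `_from` value that is not a simple identifier on an unpatched host is the first thing to pull session and PHP error logs for.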
Vulnerability Details
EPSS: 90.4%
🔥 Actively Exploited
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-49113
First tracked: February 20, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 95%