The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities in Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, signalling significant risk from ongoing exploitation. The flaw the page identifies by number, CVE-2025-49113 (CVSS score 9.9), is a deserialization-of-untrusted-data bug that allows remote code execution, posing a severe threat to email security and infrastructure integrity.

This action by CISA highlights the urgency for organizations to patch these vulnerabilities promptly, as their inclusion in the KEV catalog underscores the active threat landscape and potential for widespread impact. The move aims to raise awareness and drive mitigation efforts to protect against cyberattacks targeting webmail systems.

Key Takeaways

  • CISA added two actively exploited Roundcube vulnerabilities to its KEV catalog
  • CVE-2025-49113 has a high CVSS score of 9.9 and allows remote code execution
  • The vulnerabilities involve deserialization of untrusted data, posing severe security risks
  • Organizations are urged to patch immediately due to evidence of active exploitation

CVEs Mentioned

CVE-2025-49113

Source: The Hacker News