Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowserver Foundation, there is no lack of possible targets: around 84,000 internet-facing installations – predominantly in Europe, Asia, and North America – are still unpatched. What is Roundcube? Roundcube is a free and open-source web-based email client that’s …