A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (<1.5.10, 1.6.0–1.6.10) allows authenticated users to exploit a PHP deserialization flaw. Learn how it works and how to protect your systems.
The post CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization appeared first on OffSec.
This article has been indexed from OffSec