---
title: "CISA Warns of Actively Exploited RoundCube Webmail Vulnerabilities"
short_title: "Critical RoundCube flaws added to CISA KEV catalog"
description: "CISA adds two actively exploited RoundCube Webmail vulnerabilities (CVE-2025-49113, CVE-2025-68461) to its KEV catalog. Learn mitigation steps and risks now."
author: "Vitus"
date: 2026-02-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cve-2025-49113, cve-2025-68461, roundcube, cisa, cybersecurity]
score: 0.85
cve_ids: [CVE-2025-49113, CVE-2025-68461]
---
TL;DR
CISA has added two actively exploited RoundCube Webmail vulnerabilities, CVE-2025-49113 (deserialization of untrusted data, leading to remote code execution) and CVE-2025-68461 (cross-site scripting), to its Known Exploited Vulnerabilities (KEV) Catalog. Federal civilian agencies must remediate by the BOD 22-01 due date; every organization running RoundCube should treat patching as urgent.
---
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated the urgency around two RoundCube Webmail vulnerabilities after confirming their active exploitation in the wild[^1]. Both flaws are now listed in the Known Exploited Vulnerabilities (KEV) Catalog, which puts them on the remediation clock for federal agencies and signals to private enterprises that attackers are already using them. Timely remediation is the only reliable way to prevent a mailbox-level breach turning into a mail server compromise.
Key Points
- CISA added CVE-2025-49113 (deserialization of untrusted data) and CVE-2025-68461 (cross-site scripting) to its KEV catalog.
- Both vulnerabilities are actively exploited by malicious cyber actors, making them high-priority targets.
- Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate KEV-listed flaws by the due date shown in each catalog entry.
- While BOD 22-01 applies to Federal Civilian Executive Branch (FCEB) agencies, CISA urges all organizations to prioritize patching.
---
Technical Details
#### CVE-2025-49113: Deserialization of Untrusted Data Vulnerability
Per the CVE record[^2], RoundCube Webmail before 1.5.10 and 1.6.x before 1.6.11 do not validate the `_from` URL parameter in program/actions/settings/upload.php, and an authenticated user can abuse this to trigger PHP object deserialization and execute arbitrary code on the mail server. The flaw requires a valid webmail login, so it does not hand an unauthenticated attacker a shell directly, but a single crafted request from any mailbox account (including one obtained by phishing or password spraying) is enough, and no interaction from another user is needed. Successful exploitation runs code as the web server user, which exposes every mailbox hosted on that server, not just the account the attacker logged in with.
#### CVE-2025-68461: Cross-Site Scripting (XSS) Vulnerability
This XSS flaw enables attackers to inject script into pages that RoundCube Webmail renders in a victim's browser[^3]. In a webmail client that script runs inside the victim's authenticated session, so the consequences include session hijacking, silent reading or forwarding of mail, changes to account settings, and convincing phishing overlays on the RoundCube interface. XSS bugs are common, but in webmail they are particularly valuable to attackers because the payload can often be delivered simply by sending the victim a message.
---
Impact Assessment
The inclusion of these vulnerabilities in CISA’s KEV catalog underscores their severity and active exploitation. Organizations using RoundCube Webmail are at heightened risk of:
- Unauthorized access to sensitive emails and user data.
- Remote code execution (RCE), which could lead to full system compromise.
- Phishing attacks leveraging XSS to trick users into revealing credentials.
- Compliance violations for federal agencies failing to adhere to BOD 22-01.
---
Mitigation Steps
The KEV catalog's required action is to apply the vendor's mitigations or, where none are available, to discontinue use of the product. In practice that means:
1. Apply patches immediately: update RoundCube Webmail to a fixed release. For CVE-2025-49113 that is 1.6.11 or 1.5.10 at minimum[^2]; for CVE-2025-68461, use the version named in the CVE record and vendor advisory[^3].
2. Monitor for exploitation: review web server and RoundCube logs for unexpected requests to the settings upload action, and feed those logs to an IDS or SIEM so the review is continuous rather than one-off.
3. Restrict access: expose the webmail login only through a VPN or to trusted networks, and require MFA where possible, since a valid login is the precondition for the RCE.
4. Educate users: train employees to recognize phishing attempts and suspicious links; a stolen password is the entry point for the authenticated deserialization attack, and a crafted message is the usual carrier for webmail XSS.
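The log review in step 2 can be automated. The script below is an added example, not code from this page, from CISA or from the RoundCube project. It parses Apache combined-format access logs (the sample lines are constructed, not real traffic) and flags requests to the settings upload action whose `_from` parameter contains anything other than a short identifier token. The expectation that legitimate `_from` values are plain identifiers is an assumption of the heuristic, so treat hits as triage leads rather than confirmed exploitation.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - alice [20/Feb/2026:10:01:02 +0000] "POST /?_task=settings&_action=upload&_from=edit-identity&_id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - bob [20/Feb/2026:10:02:15 +0000] "POST /?_task=settings&_action=upload&_from=edit-identity%21%7Bi%3A0%3B HTTP/1.1" 200 512 "-" "python-requests/2.32"
198.51.100.7 - carol [20/Feb/2026:10:03:40 +0000] "GET /?_task=mail&_action=list&_mbox=INBOX HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - bob [20/Feb/2026:10:02:16 +0000] "GET /?_task=settings&_action=upload&_from=edit-identity%21 HTTP/1.1" 200 512 "-" "python-requests/2.32"
"""

# Apache combined format: ip ident user [ts] "method target proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption of this heuristic: legitimate _from values are short identifier
# tokens, so "!" or serialized-looking data in the value is worth a look.
SAFE_FROM = re.compile(r'^[A-Za-z0-9_-]+$')


def parse_line(line):
    """Return a dict with ip/user/ts/method/target/status and decoded query, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    query = parse_qs(urlsplit(rec["target"]).query)
    rec["query"] = {k: v[0] for k, v in query.items()}  # first value per key
    return rec


def is_suspicious_upload(rec):
    """True for settings/upload requests whose _from is not a plain token."""
    q = rec["query"]
    if q.get("_task") != "settings" or q.get("_action") != "upload":
        return False
    frm = q.get("_from")
    return frm is not None and not SAFE_FROM.match(frm)


def triage(log_text):
    """Return (ip, user, timestamp, decoded _from) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious_upload(rec):
            hits.append((rec["ip"], rec["user"], rec["ts"], rec["query"]["_from"]))
    return hits


if __name__ == "__main__":
    for ip, user, ts, frm in triage(SAMPLE_LOG):
        print(f"{ts} {ip} user={user} suspicious _from={frm!r}")
```

Run it against the real access log with `triage(open(path).read())`; because `parse_qs` percent-decodes the query, an attacker cannot hide a `!` behind `%21`. Pivot on the flagged source IP and username: any other successful logins from that address, and any mailbox whose password was reset afterwards, belong in the incident scope.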
---
Affected Systems
- CVE-2025-49113: RoundCube Webmail releases before 1.5.10, and 1.6.x releases before 1.6.11[^2].
- CVE-2025-68461: the releases identified as affected in the CVE record and the vendor advisory[^3].
- Installations that have fallen behind the vendor's release stream, including copies bundled with hosting control panels and rarely updated with them, are at highest risk.
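To tell which bucket a given installation falls into, the following added example (not the project's or CISA's code) reads the version string from RoundCube's program/include/iniset.php and compares it against the CVE-2025-49113 ranges above. The iniset.php excerpt is constructed for the stand-alone demo, and the table deliberately carries no entry for CVE-2025-68461 because this page gives no fixed version for it.

```python
import re
from pathlib import Path

# Affected ranges for CVE-2025-49113 from the CVE record: every release before
# 1.5.10, and 1.6.x before 1.6.11. Each range is [lower, fixed) as version tuples.
# CVE-2025-68461 is intentionally absent: this page gives no fixed version for it,
# so add it only once confirmed from the vendor advisory.
AFFECTED = {
    "CVE-2025-49113": [((0, 0, 0), (1, 5, 10)), ((1, 6, 0), (1, 6, 11))],
}

# Roundcube defines its release in program/include/iniset.php.
VERSION_RE = re.compile(r"define\(\s*'RCMAIL_VERSION'\s*,\s*'([^']+)'\s*\)")


def parse_version(s):
    """'1.6.10' -> (1, 6, 10); a suffix such as '-git' is dropped, missing parts are 0."""
    parts = [int(p) for p in s.split("-")[0].split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def version_from_iniset(text):
    """Extract the RCMAIL_VERSION string from the contents of iniset.php."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("RCMAIL_VERSION not found in iniset.php")
    return m.group(1)


def affected_cves(version):
    """Return the CVE IDs from AFFECTED whose ranges contain this version."""
    v = parse_version(version)
    return [cve for cve, ranges in AFFECTED.items()
            if any(lo <= v < hi for lo, hi in ranges)]


def audit_install(root):
    """root is the Roundcube install directory; returns (version, [affected CVEs])."""
    text = Path(root, "program", "include", "iniset.php").read_text()
    ver = version_from_iniset(text)
    return ver, affected_cves(ver)


# Constructed excerpt of iniset.php for the demo; not a real file from a server.
SAMPLE_INISET = """<?php
define('RCMAIL_VERSION', '1.6.10');
define('RCMAIL_START', microtime(true));
"""

if __name__ == "__main__":
    ver = version_from_iniset(SAMPLE_INISET)
    print(ver, affected_cves(ver) or "not affected by the CVEs in the table")
```

On a live host call `audit_install("/var/www/roundcube")` (or wherever the install lives; hosting panels often keep their own copy under a different root). A version that parses as fixed only rules out the CVEs in the table, so a clean result here is not a reason to skip the CVE-2025-68461 check against the vendor advisory.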
---
Conclusion
The addition of CVE-2025-49113 and CVE-2025-68461 to CISA’s KEV catalog serves as a stark reminder of the persistent threats posed by unpatched vulnerabilities. While federal agencies are required to act, all organizations must prioritize remediation to safeguard their systems. Proactive patch management and vigilance are essential to staying ahead of cyber threats.
---
References
[^1]: CISA. "[CISA Adds Two Known Exploited Vulnerabilities to Catalog](https://www.cisa.gov/news-events/alerts/2026/02/20/cisa-adds-two-known-exploited-vulnerabilities-catalog)". Retrieved 2026-02-24.
[^2]: CVE Program. "[CVE-2025-49113](https://www.cve.org/CVERecord?id=CVE-2025-49113)". Retrieved 2026-02-24.
[^3]: CVE Program. "[CVE-2025-68461](https://www.cve.org/CVERecord?id=CVE-2025-68461)". Retrieved 2026-02-24.