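Related vulnerability
Title: Roundcube Webmail security vulnerability (CVE-2025-49113)
Description: Roundcube Webmail is an open-source, browser-based IMAP client from Roundcube that supports address book management, message search, spell checking, and more. Roundcube Webmail versions before 1.5.10 and before 1.6.11 contain a security vulnerability that stems from the `_from` parameter not being validated, which can lead to a PHP object deserialization attack.
Description
POC of CVE-2025-49113
Introduction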
# CVE-2025-49113 – Roundcube Remote Code Execution (RCE) PoC
This repository contains a **Proof-of-Concept (PoC)** exploit for **CVE-2025-49113**, a critical remote code execution vulnerability in Roundcube Webmail versions prior to 1.5.10 and 1.6.11. The vulnerability arises from insecure PHP object deserialization in the `upload.php` script, allowing authenticated users to execute arbitrary code on the server.
> ⚠️ **Disclaimer:** This PoC is intended for **educational purposes only**. **Do not** use this exploit against systems you do not own or have explicit permission to test. Unauthorized use may be illegal.
---
## Vulnerability Overview
- **CVE ID:** CVE-2025-49113
- **CVSS v3.1 Base Score:** 9.9 (Critical)
- **Affected Versions:**
  - Roundcube 1.5.0 through 1.5.9
  - Roundcube 1.6.0 through 1.6.10
- **Vulnerability Type:** Remote Code Execution via insecure PHP object deserialization
- **Impact:** Allows authenticated users to execute arbitrary code on the server
For detailed information, refer to the [NVD CVE-2025-49113 entry](https://nvd.nist.gov/vuln/detail/CVE-2025-49113).
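
For defensive triage, the following is an added example (not part of this repository or of Roundcube's code): it checks an installed version against the affected ranges listed above and scans access-log lines for `_from` query values that fall outside a conservative character allowlist. The log format (common/combined), the allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: conservative allowlist for _from (ASCII letters, digits, "_", ".", "-").
SIMPLE = re.compile(r"[A-Za-z0-9_.-]+")
# Request portion of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# First fixed patch release per branch, taken from the affected ranges listed above.
FIRST_FIXED = {(1, 5): 10, (1, 6): 11}

# Constructed sample lines (documentation IP ranges, harmless placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Aug/2025:20:50:01 +0000] "GET /?_task=mail&_mbox=INBOX HTTP/1.1" 200 9120',
    '192.0.2.10 - - [24/Aug/2025:20:50:09 +0000] "POST /?_task=settings&_from=edit-identity HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Aug/2025:20:53:31 +0000] "POST /?_task=settings&_from=odd%20value%2Fhere HTTP/1.1" 200 87',
    'not an access log line',
]

def is_affected(version):
    """True/False for the 1.5.x and 1.6.x branches; None for branches this page does not list."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    first_fixed = FIRST_FIXED.get((major, minor))
    return None if first_fixed is None else patch < first_fixed

def flag_requests(lines):
    """Return one finding per logged request whose decoded _from value is not a simple string."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
        for value in query.get("_from", []):
            if not SIMPLE.fullmatch(value):
                findings.append({"line": lineno, "ip": m["ip"],
                                 "status": int(m["status"]), "from": value})
    return findings

if __name__ == "__main__":
    print("1.6.10 affected:", is_affected("1.6.10"))
    for finding in flag_requests(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for review against the account's session and upload activity, not proof of compromise; upgrading to 1.5.10 or 1.6.11 remains the fix.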
---
## PoC Script: `exp.py`
The `exp.py` script demonstrates the exploitation of this vulnerability. It sends a crafted request to the vulnerable `upload.php` endpoint, triggering the deserialization flaw and executing a specified command on the server.
### Requirements
`pip install -r requirements.txt`
### Usage
```bash
python3 exp.py <target_url> <username> <password> <command>
```
### Example
```bash
python3 exp.py http://mail.website.com admin password "id"
```
## References
- https://nvd.nist.gov/vuln/detail/CVE-2025-49113
- https://github.com/hakaioffsec/CVE-2025-49113-exploit
- https://github.com/fearsoff-org/CVE-2025-49113
File snapshot
[4.0K] /data/pocs/4ced569c8ef008531e8034d104d344023842191e
├── [4.3K] exp.py
├── [1.1K] LICENSE
├── [2.0K] README.md
└── [1.1K] requirements.txt
0 directories, 4 files