关联漏洞
标题:
Roundcube Webmail 安全漏洞
(CVE-2025-49113)
描述:Roundcube Webmail是Roundcube开源的一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.5.10之前版本和 1.6.11之前版本存在安全漏洞,该漏洞源于未验证_from参数,可能导致PHP对象反序列化攻击。
介绍
# 📧 Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]
## 🔍 Writeup
A critical post-authentication Remote Code Execution vulnerability was discovered in Roundcube (versions ≤ 1.6.10), caused by insecure PHP object deserialization. This severe flaw has silently persisted in the codebase for over **10 years**.
For the full technical writeup and exploitation details, visit:
👉 [https://fearsoff.org/research/roundcube](https://fearsoff.org/research/roundcube)
---
## 🐳 Quick Installation (via Docker)
This will install Ubuntu 24.04, Roundcube, and all necessary dependencies inside a Docker container:
```bash
docker run --name ubuntu24 \
-p 9876:80 \
-v "$PWD/rc_install.sh":/root/rc_install.sh \
-it ubuntu:24.04 \
bash -c "chmod +x /root/rc_install.sh && /root/rc_install.sh && exec bash"
```
> ⚠️ **Note**: Use only in isolated environments. Do **not** expose vulnerable instances to the public internet.
## ⚠️ Disclaimer
This proof-of-concept code is provided for educational and research purposes only. The author and contributors assume no responsibility for any misuse or damage resulting from the use of this code. Unauthorized use on systems you do not own or have explicit permission to test is illegal and strictly prohibited.
## Run:
Make sure you have `php` installed on the system
```
php CVE-2025-49113.php http://127.0.0.1:9876/ roundcube fearsoff.org "cat /etc/passwd > /tmp/pwned"
```
## 👤 Author & Credits
- **Author**: Kirill Firsov ([https://x.com/k_firsov](https://x.com/k_firsov))
- **Organization**: FearsOff ([https://fearsoff.org](https://fearsoff.org))
---
## 🛡️ Mitigation
If you're running Roundcube ≤ 1.6.10, update to the latest patched version immediately to eliminate this vulnerability.
---
## 📜 License
This project and associated documentation are provided under the MIT License.
文件快照
[4.0K] /data/pocs/5a1d1ee58d0c1641807ca9785cd083acd57e943d
├── [ 10K] CVE-2025-49113.php
├── [4.7K] rc_install.sh
└── [1.9K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。