
CVE-2025-49113 PoC — Roundcube Webmail Security Vulnerability

Source
Associated Vulnerability
Title: Roundcube Webmail Security Vulnerability (CVE-2025-49113)
Description: Roundcube Webmail is an open-source, browser-based IMAP client from Roundcube; it supports address book management, message search, spell checking and more. Roundcube Webmail versions before 1.5.10 and before 1.6.11 contain a security vulnerability caused by the unvalidated `_from` parameter, which may lead to a PHP object deserialization attack.
Description
A powerful Python scanner to detect CVE-2025-49113 vulnerability in Roundcube Webmail. Developed by Issam Junior (@issamiso).
Readme
<img src="https://raw.githubusercontent.com/issamjr/CVE-2025-49113-Scanner/refs/heads/main/img.jpg" />


# CVE-2025-49113 Scanner

## 🔍 Description

A powerful, multi-method Python scanner for detecting **CVE-2025-49113**, a critical remote code execution vulnerability in Roundcube Webmail.

- **CVE**: 2025-49113  
- **Type**: Authenticated Remote Code Execution via unsafe PHP object deserialization  
- **Affected Versions**: Roundcube < 1.5.10 and < 1.6.11  
- **Author**: Issam Junior ([@issamiso](https://t.me/issamiso))  

---

## 💥 Vulnerability Summary

`upload.php` in Roundcube Webmail does not validate the `'_from'` parameter, allowing injection of malicious serialized PHP objects. This enables an authenticated remote attacker (one holding a valid session) to achieve **full remote code execution** (RCE) on the mail server.

---

## 🧪 Detection Methods

This scanner uses **three different techniques** to detect the vulnerability:
1. **Error-Based Analysis** – Detects typical PHP fatal errors in the response.
2. **Serialization Leakage** – Identifies object serialization responses.
3. **Header Anomaly Checks** – Detects headers suggesting exploitable configurations (like exposed `X-Powered-By: PHP`).

The script also **automatically detects Roundcube** installations before testing.
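The three methods above probe a live target. On the defending side the same weakness can be watched for passively: the vulnerable `_from` parameter is sent in the request query string, so a web-server access log reveals whether anyone has submitted PHP serialized-object syntax in it. The following detector is an added example (not part of the scanner or of Roundcube) that parses Combined Log Format lines, URL-decodes the `_from` parameter and classifies it; the log lines, IP addresses and the harmless `stdClass` marker value are constructed for the example.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format, the default "combined" format of Apache and nginx.
_CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# PHP serialized object syntax: O:<len>:"<class>" (objects) or C:<len>:"<class>" (custom serializable).
_PHP_OBJECT = re.compile(r'[OC]:\d+:"')
# Any PHP serialized value at the start of the parameter (a:, s:, i:, b:, d:, N;).
_PHP_SERIALIZED = re.compile(r'^(?:[aOCs]:\d+:|[ibd]:[^;]*;|N;)')

# Constructed sample log (not real traffic): one benign upload, one request carrying a
# serialized (empty) stdClass in _from, one serialized array, and an unrelated mailbox request.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:09:12:01 +0000] "POST /?_task=mail&_action=upload&_from=compose HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:09:12:05 +0000] "POST /?_task=mail&_action=upload&_from=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.9 - - [10/Jun/2025:09:12:09 +0000] "POST /?_task=mail&_action=upload&_from=a%3A1%3A%7Bi%3A0%3Bs%3A3%3A%22abc%22%3B%7D HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.3 - - [10/Jun/2025:09:13:44 +0000] "GET /?_task=mail&_mbox=INBOX HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def classify_from_value(value: str) -> str:
    """Return 'object', 'serialized' or 'benign' for a _from value."""
    # Undo one extra layer of percent-encoding in case the client double-encoded the value.
    if "%" in value:
        value = unquote(value)
    if _PHP_OBJECT.search(value):
        return "object"
    if _PHP_SERIALIZED.match(value):
        return "serialized"
    return "benign"


def scan_access_log(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per request whose _from parameter carries PHP serialized syntax."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = _CLF.match(line)
        if not m:
            continue  # not a CLF line: skip rather than abort the whole scan
        parts = urlsplit(m.group("target"))
        # parse_qs percent-decodes each value once.
        params = parse_qs(parts.query, keep_blank_values=True)
        for raw in params.get("_from", []):
            kind = classify_from_value(raw)
            if kind != "benign":
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "path": parts.path,
                    "status": m.group("status"),
                    "from": raw,
                    "kind": kind,
                })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['path']} status={f['status']} kind={f['kind']} _from={f['from']!r}")
```

Requests classified as `object` are the ones worth alerting on; `serialized` values are a weaker signal (arrays and scalars cannot trigger gadget chains by themselves) but still have no business appearing in this parameter. A status of 500 next to an `object` finding matches the "error-based" signal the scanner looks for from the other side.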

---

## ✅ Protection & Mitigation

- Upgrade to **Roundcube 1.5.10** (1.5 branch) or **1.6.11** (1.6 branch), or later
- Filter and sanitize user input
- Disable unserialize usage or apply secure serialization handlers
- Enforce secure cookie attributes (`HttpOnly`, `SameSite`, etc.)
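The first mitigation is a version check, so an administrator wants a reliable way to tell whether an installation is still inside the affected range. The helper below is an added example (not part of the scanner) that compares a version string against the two fixed releases named above. It assumes that everything older than 1.5.10 (including earlier branches) is affected and that the version string can be taken from the `RCMAIL_VERSION` constant in Roundcube's `program/include/iniset.php` (file location assumed); the `iniset.php` excerpt is constructed for the example.

```python
import re
from typing import Optional, Tuple

# Fixed releases from the advisory: 1.5.10 for the 1.5 branch, 1.6.11 for the 1.6 branch.
FIXED_1_5 = (1, 5, 10)
FIXED_1_6 = (1, 6, 11)

# Constructed excerpt in the style of program/include/iniset.php (assumed location of the constant).
SAMPLE_INISET = """<?php
define('RCMAIL_VERSION', '1.6.10');
define('RCMAIL_START', microtime(true));
"""


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull the first x.y.z version out of a string; None if there is none."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_from_iniset(source: str) -> Optional[str]:
    """Extract the RCMAIL_VERSION value from iniset.php source text (assumed format)."""
    m = re.search(r"define\(\s*'RCMAIL_VERSION'\s*,\s*'([^']+)'\s*\)", source)
    return m.group(1) if m else None


def is_affected(version: str) -> Optional[bool]:
    """True if the version is in the affected range, False if fixed, None if unparseable."""
    v = parse_version(version)
    if v is None:
        return None
    # Anything below 1.5.10 (1.4.x and older included) is affected.
    if v < FIXED_1_5:
        return True
    # The 1.6 branch is affected below 1.6.11.
    if (1, 6, 0) <= v < FIXED_1_6:
        return True
    return False


if __name__ == "__main__":
    found = version_from_iniset(SAMPLE_INISET)
    print(f"RCMAIL_VERSION={found} affected={is_affected(found or '')}")
```

Note that 1.5.10 and 1.5.11 are reported as fixed while 1.6.0 through 1.6.10 are reported as affected, because the fix was backported to both branches separately.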

---

## ⚙️ Usage

### Clone and install requirements:
```bash
git clone https://github.com/issamjr/CVE-2025-49113-Scanner.git
cd CVE-2025-49113-Scanner
pip install -r requirements.txt
```

### Scan a single target:
```bash
python3 scanner.py --url https://target-roundcube.com/
```

### Scan a list of targets:
```bash
python3 scanner.py --list targets.txt
```

> Scanning requires an authenticated session on each target, or a simulated one supplied via cookies (by default the scanner sends `roundcube_sessid=fake-session`).

---

## 📁 Example File (`targets.txt`)
```
https://mail1.example.com
https://webmail.anotherdomain.org
```

---

## 🔐 Disclaimer

This tool is intended **only for authorized security auditing and educational purposes**.  
The author is not responsible for any damage caused by misuse.

---

## 🛠️ Contact

Developer: **Issam Junior**  
Telegram: [@issamiso](https://t.me/issamiso)  
GitHub: [github.com/issamjr](https://github.com/issamjr)
File Snapshot

```
[4.0K] /data/pocs/73ab777c1f8210a743c3e81aa1caf76051df6086
├── [ 43K] img.jpg
├── [2.4K] README.md
├── [  18] requirements.txt
└── [4.9K] scanner.py

0 directories, 4 files
```