来源

关联漏洞

描述

Detection for CVE-2025-49113

介绍

# CVE-2025-49113 Detection

**NOTE**
This template has now been implemented into CERT Polska's tool Artemis. I’m deeply honoured to be acknowledged by CERT Polska for this vulnerability detection script. It is a true privilege to play a part in strengthening global cyber security efforts through open-source contributions. 
https://github.com/CERT-Polska/Artemis/pull/1762

 ## How does this detection method work?

This template looks at the HTML body for the `rcversion` value and then matches on vulnerable versions. Here is a mapping of the RAW HTML value and version mapping for Roundcube:
```
10502	1.5.2
10601	1.6.1
10506	1.5.6
10500	1.5.0
10609	1.6.9
10611	1.6.11
10510	1.5.10
10505	1.5.5
10503	1.5.3
10610	1.6.10
10509	1.5.9
10607	1.6.7
10602	1.6.2
10606	1.6.6
10605	1.6.5
```

![image](https://github.com/user-attachments/assets/99f7736a-fc80-43fb-864f-14210638705d)

**This is not an exploit script but rather a script to detect whether an instance is vulnerable to CVE-2025-49113 based on versions.**

 ## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

## References

- https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
- https://access.redhat.com/security/cve/cve-2025-49113


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

## Contact

Feel free to reach out to me on [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).

文件快照

 [4.0K]  /data/pocs/7ba703c14ecc6b6854733d6badfe8b7f241c43ec
├── [1.0K]  LICENSE
├── [1.7K]  README.md
└── [ 750]  template.yaml

0 directories, 3 files

备注