Related vulnerability
Title:
Roundcube Webmail security vulnerability
(CVE-2025-49113)
Description: Roundcube Webmail is a browser-based open-source IMAP client developed by Roundcube; it supports address book management, message search, spell checking and more. Roundcube Webmail versions before 1.5.10 and versions before 1.6.11 contain a security vulnerability caused by a failure to validate the `_from` parameter, which can lead to a PHP object deserialization attack.
Description
Proof-of-concept for CVE-2025-49113
Introduction
# Roundcube RCE Exploit (CVE-2025-49113)
A fully functional proof-of-concept exploit for **CVE-2025-49113**
---
## 🧠 Summary
**CVE-2025-49113** is an authenticated remote code execution vulnerability in Roundcube Webmail. It is the result of a logic flaw in the application's session parser that allows insecure deserialization of PHP objects; authenticated users can exploit this issue to execute arbitrary commands on the server.
---
## 🔥 Impact
An attacker with **valid credentials** (even low-privileged user accounts) can exploit this flaw to:
- Execute arbitrary system commands.
- Establish reverse shells or deploy persistence.
- Move laterally within the internal network if Roundcube is self-hosted.
---
## 🧩 Vulnerability Details
- **Type:** Insecure Deserialization → Remote Code Execution
- **Component:** PHP backend session handling; the unvalidated `_from` request parameter reaches the session parser
- **Conditions:** Authenticated session (cookie or login), crafted serialized payload
- **Exploit Primitive:** PHP `unserialize()` with attacker-controlled input and loaded gadgets
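The bug class behind these details, as an added illustration that is not Roundcube's code and not the repository's exploit: a hypothetical session store that keeps `key|serialized-value` records separated by newlines and restores them with `unserialize()`, with the record key built from an unvalidated `_from`-style parameter. A caller who controls the key can embed a delimiter and so write an entire record of their own, whose value is later deserialized by the application. The delimiters, the `SessionStore` and `Marker` class names, the allowlist pattern and the `.files` suffix are assumptions made for the example; the real Roundcube session format and the actual gadget chain are not reproduced.

```php
<?php
declare(strict_types=1);

// Hypothetical delimiters (assumption for this example, not Roundcube's format).
const KEY_DELIM = '|';
const RECORD_DELIM = "\n";

// Stand-in for a gadget: any class with a magic method that runs on
// unserialize(). It only records that it was woken up; it executes nothing.
final class Marker
{
    public static array $seen = [];
    public function __construct(public string $note) {}
    public function __wakeup(): void { self::$seen[] = $this->note; }
}

final class SessionStore
{
    private array $data = [];

    // Vulnerable pattern: the caller-supplied key is used verbatim, so a key
    // containing RECORD_DELIM / KEY_DELIM injects a whole extra record.
    public function setUnchecked(string $key, $value): void
    {
        $this->data[$key] = $value;
    }

    // Hardened pattern: only keys matching a strict allowlist are accepted.
    public function setChecked(string $key, $value): void
    {
        if (!preg_match('/^[a-z][a-z0-9_.-]{0,63}$/', $key)) {
            throw new InvalidArgumentException("rejected session key: " . $key);
        }
        $this->data[$key] = $value;
    }

    public function encode(): string
    {
        $out = [];
        foreach ($this->data as $k => $v) {
            $out[] = $k . KEY_DELIM . serialize($v);
        }
        return implode(RECORD_DELIM, $out);
    }

    // Decoder: one record per line, key before the first KEY_DELIM.
    // $safe selects unserialize() with allowed_classes => false, which turns
    // any object in the blob into __PHP_Incomplete_Class and runs no __wakeup.
    public static function decode(string $blob, bool $safe): array
    {
        $result = [];
        foreach (explode(RECORD_DELIM, $blob) as $record) {
            if ($record === '' || strpos($record, KEY_DELIM) === false) {
                continue;
            }
            [$k, $ser] = explode(KEY_DELIM, $record, 2);
            $result[$k] = $safe
                ? unserialize($ser, ['allowed_classes' => false])
                : unserialize($ser);
        }
        return $result;
    }
}

// Constructed attacker input standing in for an unvalidated _from value:
// a complete injected record, then a newline, then an innocent-looking key.
$attackerFrom = 'evil' . KEY_DELIM . serialize(new Marker('injected object'))
    . RECORD_DELIM . 'compose';

// Vulnerable path: the injected record survives encode/decode and its
// object is instantiated, so __wakeup() runs with attacker-chosen state.
$store = new SessionStore();
$store->setUnchecked($attackerFrom . '.files', []);
$restored = SessionStore::decode($store->encode(), false);
var_dump($restored['evil'] instanceof Marker);   // bool(true)
var_dump(Marker::$seen);                          // ["injected object"]

// Hardened path, first layer: the key never enters the store.
try {
    (new SessionStore())->setChecked($attackerFrom . '.files', []);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Hardened path, second layer: even a blob that already contains the record
// is restored without instantiating attacker-chosen classes.
Marker::$seen = [];
$restored = SessionStore::decode($store->encode(), true);
var_dump($restored['evil'] instanceof __PHP_Incomplete_Class);  // bool(true)
var_dump(Marker::$seen);                                         // []
```

Both layers matter: input validation closes the injection, and `allowed_classes => false` (or a dedicated non-object serializer such as JSON) removes the deserialization primitive itself, so a second injection point elsewhere does not reopen the path to a gadget chain.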
---
## ✅ Affected Versions
- **1.5.x:** All versions from `1.5.0` to `1.5.9`
- **1.6.x:** All versions from `1.6.0` to `1.6.10`
> Versions prior to 1.5.0 have not been tested, but are potentially vulnerable if backported plugins or features are present.
---
## ⚙️ Exploit Requirements
- Python ≥ **3.7**
- PHP ≥ **7.4** (used for local payload crafting)
- Python libraries listed in `requirements.txt`
---
## 💻 Setup & Installation
Clone the repository and install the required dependencies:
```bash
git clone https://github.com/BiiTts/Roundcube-CVE-2025-49113.git
cd Roundcube-CVE-2025-49113
pip install -r requirements.txt
```
## 🔥 Execute
```bash
python3 roundcube_exploit.py http://roundcube.local/ username password "cmd"
```
## 💻 References
https://fearsoff.org/research/roundcube
https://nvd.nist.gov/vuln/detail/CVE-2025-49113
https://hakaisecurity.io/por-tras-da-falha-erro-de-logica-no-parser-de-sessao-do-roundcube-cve-2025-49113/research-blog/
File snapshot
[4.0K] /data/pocs/9d50afe0ba68d1ccc14c6364a5b0597dfa3d10d4
├── [ 374] generate_gadget.php
├── [2.0K] README.md
├── [ 166] requirements.txt
└── [ 13K] roundcube_exploit.py
0 directories, 4 files
Notes
1. Accessing the code through the original source is recommended.
2. If the source has been removed or cannot be reached, send an e-mail to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.