CVE-2025-49113 PoC — Roundcube Webmail 安全漏洞

Source

Associated Vulnerability

Description

CVE-2025-49113 - Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization

Readme

# Nuclei vulnerability detection template - CVE-2025-49113 - Roundcube ≤ 1.6.10 Post-Authentication Remote Code Execution

![](https://i.imgur.com/ejVwHRD.png)

**CVE ID:** CVE-2025-49113  
**Severity:** Critical (CVSS 10.0)  
**Discovered by:** Kirill Firsov (FearsOff)  
**Date Disclosed:** June 1, 2025  
**Fixed in:** Roundcube 1.6.11 / 1.5.10 LTS

    - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
    - https://github.com/advisories/GHSA-8j8w-wwqc-x596
    - https://fearsoff.org/research/roundcube
    - http://www.openwall.com/lists/oss-security/2025/06/02/3
    - https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

File Snapshot

 [4.0K]  /data/pocs/c20305bd01a01eb183c82b7b3cc77a46d3349848
├── [2.1K]  CVE-2025-49113.yaml
└── [ 653]  README.md

0 directories, 2 files

Remarks