<ul><li>A critical flaw in Roundcube webmail software, known as CVE-2025-49113, has been discovered after being undetected for over a decade.</li><li>This flaw allows attackers to execute arbitrary code and take control of affected systems, posing significant risks to users and organizations.</li><li>The founder of FearsOff, Kirill Firsov, identified the vulnerability in Roundcube Webmail before version 1.5.10 and 1.6.x before 1.6.11.</li><li>To mitigate the risk, users are advised to update their Roundcube installations to the latest version immediately.</li></ul>

Roundcube Webmail under fire: critical exploit found after a decade

Discover more