CISA Adds Two Roundcube Vulnerabilities to Known Exploited List

CISA added two Roundcube webmail flaws to its Known Exploited Vulnerabilities catalog due to active attacks. Federal agencies must fix them by March 13, 2026. The bugs are CVE-2025-49113 and CVE-2025-68461. CVE-2025-49113 is a critical deserialization flaw in upload.php. It lets logged-in users run code remotely via the _from URL parameter. CVSS score sits at […]

The post CISA Adds Two Roundcube Vulnerabilities to Known Exploited List appeared first on VPN Central.