Candid Today Press

Critical Roundcube webmail flaw went undetected for 10 years

The Roundcube email client has a critical remote code execution flaw tracked as CVE-2025-49113 with a CVSS score of 9.9. The vulnerability has been present in Roundmail for over a decade, allowing ...
Bleeping Computer

Hacker selling critical Roundcube webmail exploit as tech info disclosed

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...
Computing

Russian hacking group seen exploiting Roundcube webmail zero-day

ESET researchers have revealed that the Winter Vivern Russian hacking group has exploited a zero-day vulnerability in Roundcube Webmail, targeting various European government entities and think tanks.
SecurityWeek

Exploited Vulnerability Impacts Over 80,000 Roundcube Servers

Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released. More than 80,000 Roundcube webmail servers are affected by a critical-severity remote ...
GitHub

Cloudflare 524 Error with Roudcube

There is an issue between the Cloudflare DNS proxy of the webmail record (either A or CNAME) and accessing the Roundcube Inbox directly. When trying to reach a client's mailbox via ...
Bleeping Computer

Hacker steals 1 million Cock.li user records in webmail data breach

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. The ...