You are not logged in. Please login or register.
iRedMail → iRedMail Support → CVE-2025-49113 & CVE-2025-68461 RoundCube?
Hi Zhang,
Do you plan to release a patch for these CVEs?
CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability
Thanks,
Ray
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.https://github.com/iredmail/iRedMail/co … e51e8c9b97
Both CVE were patched in 1.6.13
RoundCube is kind of standalone and not directly part of iRedMail, it i just a 3rd party integration, and noone is foced to use it (optional during installation)
Everyone is required to pull relevant securty updates on their own
Please upgrade Roundcube to latest 1.6.13.
We're preparing new iRedMail release with this patched version.
iRedMail → iRedMail Support → CVE-2025-49113 & CVE-2025-68461 RoundCube?
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 2 official extensions. Copyright © 2003–2010 PunBB.
Generated in 0.005 seconds (62% PHP - 38% DB) with 8 queries