TL;DR

CISA has added two new RoundCube Webmail vulnerabilities, one deserialization (CVE-2025-49113) and one XSS (CVE-2025-68461), to its Known Exploited Vulnerabilities Catalog based on evidence of exploitation. Both pose significant risks, especially for federal networks as per BOD 22-01 requirements. CISA strongly ad

What happened

CISA has published an alert adding two new RoundCube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of exploitation: CVE-2025-49113, which involves deserialization of untrusted data leading to potential remote code execution; and CVE-2025-68461, a cross-site scripting issue that can be exploited by attackers to execute arbitrary scripts in the victim's browser session.

Why it matters for ops

These vulnerabilities are critical because they serve as frequent attack vectors for malicious cyber actors, posing significant risks to federal networks and potentially allowing unauthorized access or data theft. BOD 22-01 mandates swift remediation of such issues by specific deadlines. Failure to address these vulnerabilities could result in severe breaches or operational disruptions.

Mitigation

  • Update RoundCube Webmail to the latest version which includes fixes for CVE-2025-49113 and CVE-2025-68461. Apply security patches promptly a
  • Implement strict access controls, monitor network traffic closely, and regularly review system configurations to ensure compliance with BOD

Action items

  • Prioritize patching RoundCube Webmail installations according to the timelines set forth in CISA's KEV Catalog. Engage IT staff and security
  • Conduct a thorough review of current vulnerability management processes to ensure alignment with BOD 22-01 standards for timely remediation.

Detection IOCs

  • Look for signs of deserialization attacks targeting RoundCube Webmail, such as unusual data being passed through web requests. Monitor for c
  • Check server logs and network traffic for any anomalous activities related to these vulnerabilities.

Source link

https://www.cisa.gov/news-events/alerts/2026/02/20/cisa-adds-two-known-exploited-vulnerabilities-catalog