CISA Warns of Exploitation of Recently Patched Roundcube Vulnerabilities in Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that two recently patched vulnerabilities in Roundcube Webmail are being actively exploited in attacks.
Roundcube Webmail Vulnerabilities
Roundcube Webmail is a widely used web-based email client that has been the default mail interface for the cPanel web hosting control panel since 2008.
CVE-2025-49113 and CVE-2025-68461
The first vulnerability, tracked as CVE-2025-49113, is a critical remote code execution flaw that was patched in June 2025. Despite the patch, Internet security watchdog Shadowserver warned that over 84,000 Roundcube webmail installations were still vulnerable to attacks.
The second vulnerability, tracked as CVE-2025-68461, is a cross-site scripting (XSS) flaw that was patched in December 2025. This vulnerability can be exploited by remote, unauthenticated attackers using low-complexity attacks that abuse the animate tag in SVG documents.
CISA’s Warning
CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to secure their systems against these vulnerabilities within three weeks, by March 13.
Roundcube Instances
Roundcube is widely deployed, with over 46,000 instances currently tracked by Shodan. However, it is unclear how many of these instances are vulnerable to the two exploited flaws.
CISA also tracks ten other Roundcube Webmail vulnerabilities that are either actively exploited in attacks or have been abused in the past.
Binding Operational Directive
Under Binding Operational Directive (BOD) 22-01, FCEB agencies are required to patch these vulnerabilities within the specified timeframe. The directive was issued in November 2021 and mandates that federal agencies take prompt action to secure their systems against known vulnerabilities.
Consequences of Exploitation
Roundcube vulnerabilities have been a popular target for cybercrime and state-sponsored attacks in the past. The exploitation of these vulnerabilities can have significant consequences, including the compromise of sensitive data and disruption of critical systems.
As such, it is essential that organizations take immediate action to patch these vulnerabilities and secure their systems.
