FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Post-Auth Remote Code Execution found in Roundcube Webmail

Affected packages
		roundcube-php81	<	1.6.11
		roundcube-php82	<	1.6.11
		roundcube-php83	<	1.6.11
		roundcube-php84	<	1.6.11

Details

VuXML ID	0d6094a2-4095-11f0-8c92-00d861a0e66d
Discovery	2025-06-01
Entry	2025-06-03

Roundcube Webmail reports:

Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v

[source]

References

CVE Name	CVE-2025-49113
URL	https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.