FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Post-Auth Remote Code Execution found in Roundcube Webmail

Affected packages
roundcube-php81 < 1.6.11
roundcube-php82 < 1.6.11
roundcube-php83 < 1.6.11
roundcube-php84 < 1.6.11

Details

VuXML ID 0d6094a2-4095-11f0-8c92-00d861a0e66d
Discovery 2025-06-01
Entry 2025-06-03

Roundcube Webmail reports:

Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v

References

CVE Name CVE-2025-49113
URL https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10