Hello, good afternoon. We received a report from one of our clients about a possible vulnerability in Roundcube affecting versions < 1.5.10 and 1.6.0–1.6.10. Issue link: CVE-2025-49113 – Post-Auth Remote Code Execution in Roundcube via PHP Object Deserialization. CVE‑2025‑49113 – Post‑Auth Remote …

[image] molero.renan: Remove system from disable_functions line (you’ll need to find this setting in the file and remove “system” from the list) Remove system from disable_functions line (you’ll need to find this setting in the file and remove “system” from the list) That was probably the is…

Please update your Roundcube to address CVE-2025-49113

Community Support Mail

nu01 August 26, 2025, 4:09am 5

This would work too. Same.