Cybersecurity analysts have uncovered information about a significant security vulnerability in the Roundcube webmail application that has remained undetected for ten years, potentially allowing attackers to compromise vulnerable systems and run arbitrary code.
The flaw, identified as CVE-2025-49113, has been assigned a CVSS rating of 9.9 out of 10.0. It has been characterized as a scenario of post-authentication remote code execution via