Serial number: AV25-309
Date: June 2, 2025
Updated: February 20, 2026
On June 1, 2025, Roundcube published security advisories to address vulnerabilities in the following products:
- Webmail – versions prior to 1.5.10
- Webmail – versions prior to 1.6.11
Update 1
On February 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-49113 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.