MGASA-2025-0185
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 11 Jun 2025, 17:43
Last modified:16 Apr 2026, 04:21
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Jun 2025, 17:43
Published
Vulnerability first disclosed
16 Apr 2026, 04:21
Last Modified
Vulnerability information updated
Description
Updated roundcubemail packages fix security vulnerability A Post-Auth RCE was announced and fixed in the latest release.
Affected Systems
- mageia•roundcubemail
< 1.6.11-2.mga9
References (6)
- https://advisories.mageia.org/MGASA-2025-0185.html
- https://bugs.mageia.org/show_bug.cgi?id=34341
- https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
- https://www.openwall.com/lists/oss-security/2025/06/02/1
- https://www.openwall.com/lists/oss-security/2025/06/02/3
- https://lists.debian.org/debian-security-announce/2025/msg00098.html