UBUNTU-CVE-2025-68461

Advisory lineage Upstream: 1 Downstream: 1

Upstream

Downstream

Published: 18 Dec 2025, 05:15

Last modified:19 Mar 2026, 08:25

Vulnerability Summary

Overall Risk (default)

low

24/100

CVSS Score

6.1 MEDIUM

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

18 Dec 2025, 05:15

Published

Vulnerability first disclosed

19 Mar 2026, 08:25

Last Modified

Vulnerability information updated

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

ubuntu•roundcube
all | < 1.4.3+dfsg.1-1ubuntu0.1~esm6 | < 1.3.6+dfsg.1-1ubuntu0.1~esm6 | < 1.4.3+dfsg.1-1ubuntu0.1~esm7 | < 1.5.0+dfsg.1-2ubuntu0.1~esm5 | < 1.6.6+dfsg-2ubuntu0.1+esm2 | all