USN-7584-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2025-49113 UBUNTU-CVE-2025-49113

Published: 19 Jun 2025, 19:14

Last modified:23 Feb 2026, 21:27

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jun 2025, 19:14

Published

Vulnerability first disclosed

23 Feb 2026, 21:27

Last Modified

Vulnerability information updated

Description

roundcube vulnerability It was discovered that Roundcube Webmail did not properly sanitize the _from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code.

Affected Systems

ubuntu•roundcube
< 1.2~beta+dfsg.1-0ubuntu1+esm6 | < 1.3.6+dfsg.1-1ubuntu0.1~esm5 | < 1.4.3+dfsg.1-1ubuntu0.1~esm5 | < 1.5.0+dfsg.1-2ubuntu0.1~esm4 | < 1.6.6+dfsg-2ubuntu0.1

References (2)

https://ubuntu.com/security/notices/USN-7584-1
https://ubuntu.com/security/CVE-2025-49113