CNVD-2025-12609

CNVD-2025-12609 PUBLISHED CVSS 9.9 CRITICAL

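RoundCube Webmail is a browser-based, open-source, multilingual IMAP client developed with PHP and Ajax. It provides a desktop-application-like interface and full mail management functionality. Roundcube Webmail has a deserialization vulnerability caused by missing validation of the _from parameter in actions/settings/upload.php. An attacker can exploit this vulnerability to trigger PHP object deserialization and go on to gain server privileges.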

Risk Scores

CVSS 3.1
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor | Product | Versions
roundcube | webmail | 0, 1.6.0
Roundcube | Webmail | 0, 1.6.0

Timeline

  • May 19, 2025 CVE Published
  • Jun 2, 2025 PoC Published
  • Jun 2, 2025 PoC Published
  • Jun 2, 2025 PoC Published
  • Jun 2, 2025 PoC Published
  • Jun 3, 2025 PoC Published
  • Jun 3, 2025 PoC Published
  • Jun 3, 2025 PoC Published
  • Jun 4, 2025 PoC Published
  • Jun 4, 2025 PoC Published
  • Jun 4, 2025 PoC Published
  • Jun 4, 2025 PoC Published