Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Critical 10-year Error Webmail RoundCube allows users to run the malicious code
Global Security

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

AdminBy AdminJune 3, 2025No Comments2 Mins Read
Roundcube Webmail Bug
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


03 June 2025Red LakshmananSecurity / vulnerability email

Error in Web -Pash Roundcube

Cybersecurity researchers have revealed details of the critical security lack of Webmail RoundCube software, which has left unnoticed over the decade and can be used to have sensitive systems and arbitrary code.

Vulnerability tracked as Cve-2025-4913Carries CVSS 9.9 out of 10.0. It has been described as a case of post -auto -performing remote code using the PHP facility.

“Webmail RoundCube up to 1.5.10 and 1.6.x to 1.6.11 allows to execute the deleted code by authenticated users, since the _from parameter in the URL is not confirmed in the program/actions/settings/upload.php, which leads to desserization of the PHP object,” – said description Lack of the National Vulnerability Nist (NVD).

The disadvantage affecting all versions of the software before and including 1.6.10 was addressed to 1.6.11 and 1.5.10 lts. Cyril Fires, founder and CEO of Fearsoff, are attributed to the detection and report on the lack.

Cybersecurity

Cybersecurity campaign based on Dubai noted In a short recommendation that intends to make public additional technical data and proof of the concept (POC) “fast” to give users enough time to apply the necessary patches.

https://www.youtube.com/watch?v=tbktbmjwhjy

Previously disclosed security vulnerabilities in RoundCube were a profitable goal for nation -threatening subjects such as APT28 and Winter Viven. Last year, positive technology showed that unspecified hackers tried To use the RoundCube deficiency (CVE-2014-37383) as part of a phishing attack intended for theft of users’ powers.

Then a couple of weeks ago, eset noted What APT28 has taken vulnerabilities for scripting scripts (XSS) in various web post-servers such as RoundCube, Horde, MDAEMON and Zimbra to collect confidential data from certain e-mail accounts and defense companies in Eastern Europe.

Found this article interesting? Keep track of us further Youter  and LinkedIn To read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025

Why are more security leaders choose AEV

June 6, 2025

New data Wiper Pathwiper Data Wiper violates Ukrainian critical infrastructure in 2025 attack

June 6, 2025

Popular Chrome Extensions API leaks, user data via HTTP and Hard Codes

June 5, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025

Why are more security leaders choose AEV

June 6, 2025

New data Wiper Pathwiper Data Wiper violates Ukrainian critical infrastructure in 2025 attack

June 6, 2025

Popular Chrome Extensions API leaks, user data via HTTP and Hard Codes

June 5, 2025

Researchers in detail in detail decisively developing tactics as it expands its geographical volume

June 5, 2025

Iran related

June 5, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.