Hacker Sells Critical Roundcube Exploit Online

Hackers are actively exploiting a critical vulnerability in Roundcube, an open-source webmail application, exposing users to remote code execution attacks. The flaw, tracked as CVE-2025-49113, allows attackers to run malicious code on targeted servers without authentication. As technical details about the vulnerability have surfaced online, threat actors are now selling exploits on underground forums, increasing the risk of widespread abuse.

Roundcube is widely used by organizations that rely on self-hosted email solutions, making the potential attack surface significant. The vulnerability’s critical severity underscores the urgency for administrators to apply available security patches and mitigate exposure. Security researchers warn that the public disclosure of the exploit’s mechanics has accelerated its weaponization by cybercriminals.

The ongoing exploitation of CVE-2025-49113 highlights the persistent threats facing open-source infrastructure. It also raises concerns about the timing of vulnerability disclosures and the rapid monetization of exploits before patches are widely deployed across affected systems.