Critical Vulnerability in Roundcube Webmail Software Allows Attackers to Take Control of Systems

A critical vulnerability in the Roundcube webmail software, undetected for 10 years, allows attackers to take control of systems and execute arbitrary code. This vulnerability, listed under the number CVE-2025-49113, has a CVSS score of 9.9. An attacker can exploit this flaw to take control of affected systems. The vulnerability is present in the Roundcube webmail software.