## https://sploitus.com/exploit?id=5958B812-8250-5DE7-AB4A-D1EFE0E2E111
# Roundcube RCE Lab (CVE-2025-49113)

[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?repo=YOUR_USERNAME/YOUR_REPOSITORY_NAME)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

A hands-on, containerized lab environment to simulate and exploit a critical Post-Authentication RCE vulnerability in Roundcube Webmail, identified as `CVE-2025-49113`.

## 📖 About The Vulnerability

This lab demonstrates a sophisticated attack chain against the Roundcube webmail client. The vulnerability is a **Post-Authentication Remote Code Execution (RCE)** caused by improper handling of PHP session data, leading to **PHP Object Deserialization**.

An authenticated attacker can craft a malicious PHP object, inject it into the server's session data through an endpoint like the image upload functionality, and then trigger its deserialization by performing a seemingly benign action, such as logging out. This forces the server to execute arbitrary code provided by the attacker.

### Key Concepts
- **PHP Object Injection:** The core of the attack, where a serialized PHP object is passed into the application.
- **Gadget Chain:** A sequence of classes and methods within the application's codebase (`Crypt_GPG_Engine` in this case) that can be abused by the deserialization process to perform unintended actions.
- **Session Corruption:** The technique used to inject the malicious object into the user's server-side session.
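
A defensive check for the session-injection pattern described above, as an added example that is not part of this repository: it walks PHP's `name|serialized-value` session encoding structurally, so text that merely looks like a serialized object is skipped by its declared length, and reports any object class names it finds and whether the data is malformed. The function names, the empty allowlist and the sample session strings are assumptions constructed for illustration; tags other than the common ones handled here are reported as malformed.

```python
# Added example: audit PHP session data (name|serialized value) for embedded objects.
ALLOWED_CLASSES = set()  # assumption: no objects are expected in this deployment's sessions

def _skip_value(buf, i, found):
    """Walk one serialized value starting at buf[i]; return the index just past it."""
    t = buf[i:i + 1]
    if t == b"N":                                   # N;
        return i + 2
    if t in (b"b", b"i", b"d", b"r", b"R"):         # b:1;  i:42;  d:0.5;  r:1;
        return buf.index(b";", i) + 1
    if t not in (b"s", b"a", b"O"):
        raise ValueError(f"unknown type tag at offset {i}")
    colon = buf.index(b":", i + 2)
    n = int(buf[i + 2:colon])
    if t == b"s":                                   # s:<len>:"<bytes>";  skipped by length
        if buf[colon + 2 + n:colon + 4 + n] != b'";':
            raise ValueError(f"string length mismatch at offset {i}")
        return colon + 4 + n
    if t == b"O":                                   # O:<len>:"<class>":<count>:{...}
        found.append(buf[colon + 2:colon + 2 + n].decode("ascii", "replace"))
        start = colon + 4 + n
        colon = buf.index(b":", start)
        n = int(buf[start:colon])
    j = colon + 2                                   # first byte after '{'
    for _ in range(2 * n):                          # n key/value (or property/value) pairs
        j = _skip_value(buf, j, found)
    if buf[j:j + 1] != b"}":
        raise ValueError(f"expected '}}' at offset {j}")
    return j + 1

def audit_session(raw):
    """Return unexpected object class names in a raw session string, and whether it parsed."""
    found, i, malformed = [], 0, False
    try:
        while i < len(raw):
            bar = raw.index(b"|", i)                # session format: <name>|<serialized value>
            i = _skip_value(raw, bar + 1, found)
    except ValueError:
        malformed = True                            # truncated or corrupted session data
    return {"unexpected": [c for c in found if c not in ALLOWED_CLASSES], "malformed": malformed}

# Constructed samples (not captured from the lab); the object's property is a harmless stand-in.
CLEAN = b'user_id|i:1;subject|s:36:"O:16:"Crypt_GPG_Engine":0:{} is text";'
TAINTED = b'user_id|i:1;prefs|a:1:{s:1:"x";O:16:"Crypt_GPG_Engine":1:{s:4:"note";s:4:"demo";}}'
CORRUPT = b'user_id|i:1;broken|s:99:"short";'

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tainted", TAINTED), ("corrupt", CORRUPT)):
        print(name, audit_session(blob))
```

The `CLEAN` sample shows why a plain regex over session data over-reports: the object-like text sits inside a string value and is not a real object, while `CORRUPT` shows a length mismatch being surfaced instead of silently ignored.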

---

## 🎯 Live Simulation Lab

This repository contains a vulnerable Roundcube instance ready for you to exploit. The lab can be run instantly in the cloud or on your local machine.

### Method 1: Run in GitHub Codespaces (Recommended)

This is the easiest way to get started. It provides a pre-configured, cloud-based environment in your browser.

1.  **Launch Codespace:** Click the "Open in GitHub Codespaces" badge at the top of this README.
    [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?repo=hackmelocal/CVE-2025-49113-Simulation)

2.  **Wait for Setup:** GitHub will prepare your environment. Once complete, a terminal will appear.

3.  **Start the Vulnerable Services:** In the VS Code terminal, run the following single command:
    ```bash
    docker compose up
    ```
    This will start the vulnerable Roundcube instance, a mail server, and a database. You will see a "Ports" tab appear. Click the link for Port `8080` to open Roundcube in a new browser tab.

4.  **Perform the Exploit:**
    - Open a **new terminal** in your Codespace (Click the `+` icon in the terminal panel).
    - Follow the instructions in the "🚀 How to Run the Exploit" section below.

### Method 2: Run Locally

Run the entire lab on your own machine with Docker.

**Prerequisites:**
- [Docker](https://docs.docker.com/get-docker/) installed.
- [Docker Compose](https://docs.docker.com/compose/install/) installed.

**Instructions:**
1.  **Clone the Repository:**
    ```bash
    git clone https://github.com/hackmelocal/CVE-2025-49113-Simulation.git
    cd CVE-2025-49113-Simulation
    ```

2.  **Start the Vulnerable Services:** In your terminal, run the command:
    ```bash
    docker compose up
    ```

3.  **Access Roundcube:** Open your web browser and navigate to `http://localhost:9876`.

4.  **Perform the Exploit:**
    - Open a **new, separate terminal window**.
    - Follow the instructions in the next section.