securityweek.com·Feb 23, 2026
The US cybersecurity agency CISA has warned of two vulnerabilities in RoundCube Webmail being actively exploited, urging federal agencies and organizations to patch these flaws promptly to prevent potential security breaches.
CISA has identified two critical vulnerabilities in RoundCube Webmail, CVE-2025-49113 and CVE-2025-68461, which are actively exploited. Given their prevalence in government and enterprise networks, it's imperative for organizations to prioritize patching these vulnerabilities within the recommended three-week timeline. Regularly reviewing CISA’s Known Exploited Vulnerabilities (KEV) catalog can help maintain robust security posture.