CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA added two new vulnerabilities, CVE-2025-49113 and CVE-2025-68461, affecting RoundCube Webmail, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities, a deserialization flaw and a cross-site scripting issue, are actively exploited and pose a significant risk. CISA urges all organizations to prioritize patching KEV Catalog vulnerabilities.
IFF Assessment
The addition of actively exploited vulnerabilities to the KEV catalog indicates increased risk for organizations using the affected software.
Severity
Defender Context
Organizations should immediately identify and patch any instances of RoundCube Webmail to address CVE-2025-49113 and CVE-2025-68461. The presence of these vulnerabilities in the KEV catalog means they are under active exploitation, highlighting the need for proactive vulnerability management and timely patching. Defenders should continuously monitor the KEV catalog for new additions and prioritize remediation based on risk.