GoDaddy

Hackers are exploiting a critical vulnerability in the Roundcube webmail application, which is widely used by hosting providers like GoDaddy. The vulnerability, CVE-2025-49113, allows remote code execution and has a severity score of 9.9 out of 10. This vulnerability has been present for over a decade and impacts versions 1.1.0 through 1.6.10. Despite a patch being released, attackers have reverse-engineered the fix and are selling exploits on hacker forums. The wide use of Roundcube, including by government and academic institutions, makes the attack surface significant. The vulnerability can lead to data breaches and significant impact on organizations using the application.

Source: https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/

TPRM report: https://scoringcyber.rankiteo.com/company/godaddy

{
  "id": "god616060625",
  "linkid": "godaddy",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Webmail',
                        'location': 'Global',
                        'name': 'Roundcube',
                        'type': 'Software'}],
 'attack_vector': 'Exploiting CVE-2025-49113',
 'date_detected': '2025-06-01',
 'description': 'Hackers are likely starting to exploit CVE-2025-49113, a '
                'critical vulnerability in the widely used Roundcube '
                'open-source webmail application that allows remote execution. '
                'The security issue has been present in Roundcube for over a '
                'decade and impacts versions of Roundcube webmail 1.1.0 '
                'through 1.6.10. It received a patch on June 1st. It took '
                'attackers just a couple of days to reverse engineer the fix, '
                'weaponize the vulnerability, and start selling a working '
                'exploit on at least one hacker forum.',
 'impact': {'systems_affected': ['Roundcube webmail versions 1.1.0 through '
                                 '1.6.10']},
 'initial_access_broker': {'entry_point': 'Lack of sanitization of the '
                                          "$_GET['_from'] parameter"},
 'motivation': 'Financial gain through selling exploits',
 'post_incident_analysis': {'root_causes': 'Lack of sanitization of the '
                                           "$_GET['_from'] parameter leading "
                                           'to PHP Object deserialization'},
 'references': [{'date_accessed': '2025-06-01', 'source': 'Kirill Firsov'}],
 'title': 'Exploitation of CVE-2025-49113 in Roundcube Webmail',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'CVE-2025-49113'}