Author Topic: Roundcube vulnerability (Read 165 times)

cyberspace · « **on:** June 19, 2025, 10:39:18 AM »

A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The effected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x therefore it is highly recommended to update Roundcube

Instructions how to update Roundcube to 1.5.11:

Code: [Select]

cd /usr/local/cwpsrv/var/services
cp -R roundcube roundcube_backup
wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz
tar -xvzf roundcubemail-1.5.11-complete.tar.gz
cd roundcubemail-1.5.11
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube
cd ..
chown -R cwpsvc:cwpsvc roundcube
rm -rf roundcubemail-1.5.11*

Please note you do it on your own risk.

overseer · « **Reply #1 on:** June 19, 2025, 01:52:55 PM »

Yes, saw that a couple of weeks ago. Other updating directions are here, just update the version number from 1.5.8 to 1.5.11 (LTS version):
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/#comment-35

anandmys · « **Reply #2 on:** June 21, 2025, 06:27:45 AM »

Quote from: overseer on June 19, 2025, 01:52:55 PM

Yes, saw that a couple of weeks ago. Other updating directions are here, just update the version number from 1.5.8 to 1.5.11 (LTS version):
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/#comment-35

Worked perfectly on AL 8.10 installation

Used the "Centos 8 stream/EL8" instructions

anandmys · « **Reply #3 on:** June 21, 2025, 06:29:00 AM »

Quote from: cyberspace on June 19, 2025, 10:39:18 AM

A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The effected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x therefore it is highly recommended to update Roundcube

Instructions how to update Roundcube to 1.5.11:

Code: [Select]
cd /usr/local/cwpsrv/var/services cp -R roundcube roundcube_backup wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz tar -xvzf roundcubemail-1.5.11-complete.tar.gz cd roundcubemail-1.5.11 bin/installto.sh /usr/local/cwpsrv/var/services/roundcube cd .. chown -R cwpsvc:cwpsvc roundcube rm -rf roundcubemail-1.5.11*
Please note you do it on your own risk.

Got server error in roundcube after following the instructions. Maybe some step is missing.

cyberspace · « **Reply #4 on:** June 21, 2025, 08:43:55 AM »

What error did you get ?

Starburst · « **Reply #5 on:** June 21, 2025, 07:55:56 PM »

There are several steps missing @anandmys

I'll create a new KB article, the one we have online is for 1.5.9
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-mail-version-1-5-9-in-cwp-on-almalinux-8-9/

Starburst · « **Reply #6 on:** June 22, 2025, 04:34:56 AM »

Here is the updated guide to update Roundcube to version 1.5.11:

https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-11-in-cwp-on-almalinux-8-9/

Control Web Panel

Author Topic: Roundcube vulnerability (Read 165 times)

Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability

Re: Roundcube vulnerability