Hackers are actively exploiting a critical vulnerability (CVE-2025-49113) in the popular Roundcube webmail application, enabling remote code execution and putting numerous users at risk.
Discussion
Any public PoCs yet? I don't care enough to write one, but I know a Roundcube admin and I'd link them to one if it was available.
It's a lot harder for blueteamers to bang out a PoC for testing than it is for an attacker to do so for attacking. It's just not their core skillset, and time is never on their side.