Roundcube

Hack The Box: Outbound Machine Walkthrough – Easy Difficulity

Successfully completed the Outbound HTB machine. Initial access was gained by exploiting CVE‑2025‑49113 in Roundcube 1.6.10 using Tyler’s credentials, which allowed remote code execution.

Investigation of Roundcube’s configuration revealed database credentials, enabling decryption of Jacob’s session data and retrieval of his plaintext password. Using this, SSH access was obtained to capture the user flag.

Privilege escalation was achieved via CVE‑2025‑27591 by exploiting a world-writable /var/log/below directory, allowing command execution as root and retrieval of the root flag. This walkthrough highlights the importance of secure configuration, patching, and proper permission management.

#HackTheBox #CyberSecurity #PenTesting #EthicalHacking #VulnerabilityExploitation #Roundcube #PrivilegeEscalation #LinuxSecurity #CVE2025

The post Hack The Box: Outbound Machine Walkthrough – Easy Difficulity appeared first on Threatninja.net.

November 15, 2025
0 comment
Read More >>

Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited

A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers. Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113, just days after the patch was released, targeting over 80,000 servers. Roundcube is a popular webmail platform and has been repeatedly targeted […]

June 11, 2025
0 comment
Read More >>

Roundcube Webmail under fire: critical exploit found after a decade

A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control […]

June 4, 2025
0 comment
Read More >>

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia. The nation-state actors are known to carry out […]

February 19, 2024
0 comment
Read More >>

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. ESET researchers pointed out that is a different vulnerability than CVE-2020-35730, that the group exploited in other attacks. The Winter […]

The post Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks appeared first on Security Affairs.

October 26, 2023
0 comment
Read More >>