🔴 CVE-2025-68461

CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail that lets an attacker execute JavaScript in the victim's browser via the animate element of an SVG document embedded in a message. It directly affects internet-facing webmail servers and can lead to email account takeover without the attacker knowing the user's credentials.

Risk Level: HIGH_RISK
CVSS Score: 7.2
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-18

Added to CISA KEV: 2026-02-20 (64 days between CVE publication and KEV listing)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-02-20)

CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube Webmail versions prior to 1.5.12 and 1.6 before 1.6.12 [2][3].
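
The fix boundary above spans two branches and is easy to mis-check by hand. The script below is an added example, not Roundcube's own tooling: it encodes the advisory's ranges ("before 1.5.12" and "1.6 before 1.6.12") and classifies a version string. It assumes the installed version can be read from program/include/iniset.php, which defines the RCMAIL_VERSION constant; that file path, the define() format and the sample file content are this example's assumptions.

```python
"""Classify a Roundcube install against the CVE-2025-68461 fixed versions.

Added example; not Roundcube's own tooling. Fixed versions (1.5.12 and 1.6.12)
are taken from the advisory text. Assumption: the installed version is read
from program/include/iniset.php, which defines RCMAIL_VERSION.
"""
import re
import sys

# Fixed versions named by the advisory: "before 1.5.12 and 1.6 before 1.6.12".
FIX_15 = (1, 5, 12)
FIX_16 = (1, 6, 12)

# Matches the define() line as assumed to appear in iniset.php.
DEFINE_RE = re.compile(r"define\(\s*'RCMAIL_VERSION'\s*,\s*'([^']+)'\s*\)")

# Constructed stand-in for program/include/iniset.php on an unpatched host.
SAMPLE_INISET = """<?php
// constructed sample, not the real file
define('RCMAIL_VERSION', '1.6.11');
"""


def parse_version(text):
    """'1.6.11' -> (1, 6, 11). Suffixes such as '-git' or '.rc1' are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x or 0) for x in m.groups())


def is_vulnerable(version):
    """True if the version falls inside the advisory's affected ranges."""
    v = parse_version(version)
    if v[:2] == (1, 6):
        return v < FIX_16
    # "before 1.5.12" covers the whole 1.5 branch and every older branch,
    # so 1.4.x and earlier (unsupported, no fix) are reported as vulnerable.
    # Versions newer than 1.6.x are outside the advisory's ranges.
    return v < FIX_15


def version_from_iniset(php_source):
    """Extract the RCMAIL_VERSION literal from iniset.php source text."""
    m = DEFINE_RE.search(php_source)
    if not m:
        raise ValueError("RCMAIL_VERSION define() not found")
    return m.group(1)


def assess(php_source):
    """Return (version string, vulnerable?) for the given iniset.php text."""
    version = version_from_iniset(php_source)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Usage: python check_rc.py /path/to/roundcube/program/include/iniset.php
    # Without an argument the constructed sample is used.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INISET
    version, vulnerable = assess(source)
    print(f"Roundcube {version}: {'VULNERABLE, upgrade' if vulnerable else 'fixed'}")
```

Run it against each host's iniset.php rather than trusting the package manager's view: the summary below notes that patched releases lag in hosted and bundled deployments, and a bundled copy may not be tracked by the distribution's package database at all.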

Here's what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability affects Roundcube Webmail, which is commonly used as an internet-facing webmail client [1].
  • Evidence of active exploitation in the wild: The vulnerability was disclosed in December 2025 [2]. A January 2026 report states that it "enables silent email account takeover through malicious animate tags" [1]; note that this sentence describes what a successful attack achieves rather than an observed campaign, and the search results contain no exploitation report of their own.
  • Attack vectors and exploitation methods: The vulnerability is exploited via a Cross-Site Scripting (XSS) flaw that occurs through the improper sanitization of SVG `animate` tags within an SVG document [1][2]. Attackers can send malicious SVG files, often embedded in emails, which execute JavaScript in the victim's browser [1]. This can lead to the hijacking of email accounts without requiring credentials [1].
  • Targeted attacks: Because the payload is delivered in an email to a chosen recipient, the flaw lends itself to targeted use. Taking over an account without its credentials is a potent capability for an attacker seeking sensitive information or a foothold for further compromise.
  • CISA Known Exploited Vulnerabilities status: The search results used for this summary do not mention CVE-2025-68461's KEV status. The listing above records its addition to the CISA KEV catalog on 2026-02-20, 64 days after the CVE was published.
  • Technical details about internet exploitability: The vulnerability carries a CVSS score of 7.2 [1][3], i.e. High. Successful exploitation requires user interaction: the victim must open a message containing the malicious SVG [4], which is why source [4] rates the flaw Moderate despite the CVSS score. Since reading incoming mail is the routine use of a webmail client, that requirement is a low bar in practice. Once the message is rendered, the `animate` element in the SVG executes arbitrary JavaScript in the context of the user's Roundcube session [1][2], which can give the attacker access to the user's email account [1].

Mitigation: Fixed in Roundcube Webmail 1.5.12 and 1.6.12 [1][3]. Deployment of these releases may lag among hosting providers and bundled installations [1], so confirm the running version rather than assuming a package update has landed.
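
The summary above names the bug class but not why animation elements defeat a sanitizer that only looks at static attributes. The Python below is an added illustration, not Roundcube's sanitizer code and not the specific document used against CVE-2025-68461: it shows the generic pattern in which an `<animate>` element assigns a javascript: href to its parent `<a>` at render time, a naive filter that strips static script URLs lets that document through, and a hardened filter removes animation elements that target URL attributes. The three SVG inputs are constructed for the example and the function names are this example's own.

```python
"""Why an SVG sanitizer must treat animation elements as attribute writers.

Added example; not Roundcube's sanitizer and not the exact CVE-2025-68461
document. It shows the generic class: <animate>/<set> can assign a javascript:
href to a parent <a> at render time, so checking static href attributes alone
is not enough. Inputs below are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that rewrite attributes of their parent while the image renders.
ANIMATION_TAGS = {"animate", "set", "animateMotion", "animateTransform"}
# Attributes through which an animation element supplies the new value.
VALUE_ATTRS = ("values", "to", "from", "by")
# Attributes the browser will navigate to or fetch.
URL_ATTRS = {"href", "xlink:href"}

# Constructed: static javascript: URL, caught by the naive filter.
STATIC_SVG = (f'<svg xmlns="{SVG_NS}"><a href="javascript:alert(1)">'
              '<text y="20">open</text></a></svg>')
# Constructed: no static href at all; <animate> assigns one at render time.
ANIMATED_SVG = (f'<svg xmlns="{SVG_NS}"><a>'
                '<animate attributeName="href" values="javascript:alert(document.cookie)"/>'
                '<text y="20">open</text></a></svg>')
# Constructed: a harmless animation of a numeric attribute.
BENIGN_SVG = (f'<svg xmlns="{SVG_NS}"><circle r="5">'
              '<animate attributeName="r" values="5;10;5" dur="1s"/></circle></svg>')


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.split("}", 1)[1] if "}" in qname else qname


def _attr_name(qname):
    return "xlink:href" if qname == f"{{{XLINK_NS}}}href" else _local(qname)


def _is_script_url(value):
    # Remove whitespace and control characters before comparing, so that
    # "java\tscript:" or " JAVASCRIPT:" are not missed.
    return re.sub(r"[\s\x00-\x1f]", "", value).lower().startswith("javascript:")


def _animation_values(el):
    """Every value an animation element may assign; 'values' is ;-separated."""
    for attr in VALUE_ATTRS:
        raw = el.attrib.get(attr)
        if raw is not None:
            yield from (raw.split(";") if attr == "values" else [raw])


def has_runtime_script_href(svg):
    """Detect an animation element that writes a javascript: URL attribute."""
    return any(
        _local(el.tag) in ANIMATION_TAGS
        and el.attrib.get("attributeName") in URL_ATTRS
        and any(_is_script_url(v) for v in _animation_values(el))
        for el in ET.fromstring(svg).iter()
    )


def _strip_static_script_hrefs(root):
    for el in root.iter():
        for name in list(el.attrib):
            if _attr_name(name) in URL_ATTRS and _is_script_url(el.attrib[name]):
                del el.attrib[name]


def naive_sanitize(svg):
    """Only inspects static attributes: the animated payload passes through."""
    root = ET.fromstring(svg)
    _strip_static_script_hrefs(root)
    return ET.tostring(root, encoding="unicode")


def hardened_sanitize(svg):
    """Also drops any animation element whose target is a URL attribute."""
    root = ET.fromstring(svg)
    _strip_static_script_hrefs(root)
    parents = {child: parent for parent in root.iter() for child in parent}
    for el in list(root.iter()):
        if _local(el.tag) in ANIMATION_TAGS and el.attrib.get("attributeName") in URL_ATTRS:
            parents[el].remove(el)
    return ET.tostring(root, encoding="unicode")
```

The hardened filter is deliberately blunt: it drops every animation element that targets href or xlink:href, regardless of the value it would assign, because an attacker controls the encoding of that value and a denylist on it is exactly the check the naive filter already gets wrong. A benign animation of a numeric attribute survives both filters. The detector is the same test expressed as a yes/no answer, suitable for scanning an archive of received messages for this pattern.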

Sources

  1. Roundcube CVE-2025-68461: SVG XSS Vulnerability Enables Silent Email ...

    Roundcube Webmail contains a Cross-Site Scripting vulnerability (CVE-2025-68461, CVSS 7.2) that enables attackers to hijack email accounts by sending malicious SVG files. The flaw exploits improper sanitization of SVG animate tags to execute JavaScript in victim browsers, granting full account acces…

  2. CVE-2025-68461 Detail - NVD

    Description. Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. MITRE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 Types: Vendor Advisory. New CVE Received from MITRE 12/18/2…

  3. CVE-2025-68460 - Exploits & Severity - Feedly

    ... Severe, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 7.2, CVEs: CVE-2025-68461, CVE-2025-68460, Summary: CVE-2025-68461 (CVSS: 7.2): Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via ... This critical security pat…

  4. CVE-2025-68461

    This flaw is rated Moderate because successful exploitation requires user interaction - the victim must open an email containing a malicious SVG ...