CVE-2025-68461

HIGH KEV

Roundcube Webmail < 1.5.12 and 1.6 < 1.6.12 - Cross-Site Scripting via SVG Animate Tag

Title source: llm

Exploitation Summary

CVE-2025-68461 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 20, 2026. EIP tracks 2 public exploits from researchers including rxerium and gotr00t0day.


Description

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site Scripting (XSS) vulnerability via the animate tag in an SVG document.

Exploits (2)

nomisec · SCANNER · 16 stars
by rxerium · PoC
https://github.com/rxerium/CVE-2025-68461

This repository contains a Nuclei template for detecting vulnerable Roundcube Webmail instances affected by CVE-2025-68461, an XSS vulnerability via SVG animate tags. It extracts version information and checks against known vulnerable versions.

Classification: Scanner (95%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Roundcube Webmail < 1.5.12, 1.6.0-1.6.11
Authentication: none needed
Prerequisites: Access to Roundcube Webmail instance
devstral-2 · analyzed Feb 19, 2026
nomisec · SCANNER · 4 stars
by gotr00t0day · PoC
https://github.com/gotr00t0day/CVE-2025-68461

This repository contains a C++ scanner tool designed to detect CVE-2025-68461, an XSS vulnerability in Roundcube Webmail versions 1.5.0-1.5.11 and 1.6.0-1.6.11. The tool extracts version information from Roundcube instances and checks against known vulnerable versions.

Classification: Scanner (95%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Roundcube Webmail 1.5.0-1.5.11, 1.6.0-1.6.11
Authentication: none needed
Prerequisites: Access to target Roundcube Webmail instance · OpenSSL 3.x for SSL/TLS support
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 7.2
EPSS: 0.1141
EPSS Percentile: 93.8%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total

Details

CISA KEV: 2026-02-20
VulnCheck KEV: 2026-02-20
ENISA EUVD: EUVD-2025-204035
CWE: CWE-79
Status: published
Products (1): roundcube/webmail < 1.5.12
Published: Dec 18, 2025
KEV Added: Feb 20, 2026
Tracked Since: Feb 18, 2026