0-day Exploit for Roundcube Webmail Up for Sale
🌐 Dark Web · 2026-04-22, 09:38
For informational purposes only
Vulnerability type: Sender Spoofing (sending emails that impersonate an internal sender) + Phishing Overlay (a rogue login form injected into the webmail interface)
The seller claims the exploit works against the latest versions of Roundcube. The advertised attack scenarios are sender spoofing and phishing overlay. According to the listing, the vulnerability can be leveraged both for targeted attacks against specific organizations and for mass campaigns against users of shared webmail hosting.
Roundcube Webmail is a widely used open-source webmail client deployed on hosting providers' servers (Roundcube ships by default with the popular cPanel hosting control panel), across corporate mail infrastructure, and in a wide range of self-hosted deployments. It provides browser-based access to email and is commonly used by organizations as a front-end for both internal and external communications.
Back in September 2024, PT Expert Security Center researchers already documented attacks on government organizations in CIS countries carried out through this software.