PT-2025-23462 · Roundcube Webmail (plus four other affected products, listed under Affected Products below)

Author: Firs0V · Published: 2025-06-01 · Updated: 2025-08-30 · CVE-2025-49113

CVSS v3.1: 9.9 · Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Roundcube versions 1.1.0 through 1.6.10

**Description:**

Roundcube Webmail contains a PHP object deserialization vulnerability reachable through the `_from` URL parameter, which can allow a remote attacker to execute arbitrary code on the server. Exploitation requires an authenticated user (PR:L in the CVSS vector). Exploitation has been observed in the wild, and proof-of-concept exploits are publicly available. Over 84,000 systems are estimated to be vulnerable. The root cause is a lack of input validation before the deserialization step.

**Recommendations:**

Update Roundcube to version 1.5.10 or 1.6.11, or a later release.
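When triaging an inventory against this advisory, the easy mistake is comparing version strings lexically ("1.6.10" sorts before "1.6.9") or treating 1.5.10 as vulnerable because it falls numerically inside the 1.1.0 through 1.6.10 range. The helper below is an added example written for this page, not Positive Technologies' or Roundcube's own code; it encodes only the affected range and fixed releases stated above, and the hostnames and versions it runs over are constructed sample data.

```python
"""Version triage for PT-2025-23462 / CVE-2025-49113 (added example).

Affected range per the advisory: 1.1.0 through 1.6.10.
Fixed releases per the advisory: 1.5.10 (1.5 branch) and 1.6.11 (1.6 branch).
"""
import re

AFFECTED_MIN = (1, 1, 0)
AFFECTED_MAX = (1, 6, 10)
# First fixed release on each maintained branch, keyed by (major, minor).
FIXED_BY_BRANCH = {(1, 5): (1, 5, 10), (1, 6): (1, 6, 11)}
# Branches with no fixed release of their own should move to the newest fix.
DEFAULT_UPGRADE = (1, 6, 11)


def parse_version(text):
    """Turn '1.6.10', 'v1.6.10' or '1.6' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Roundcube version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def fmt(v):
    return ".".join(str(x) for x in v)


def assess(version_text):
    """Decide whether a version is in the advisory's affected range.

    Returns a dict with 'affected', a short 'reason', and 'upgrade_to'
    (the fixed release to move to, or None if no action is needed).
    """
    v = parse_version(version_text)
    branch_fix = FIXED_BY_BRANCH.get(v[:2])

    # A patched release on a maintained branch lies inside the numeric range
    # (e.g. 1.5.10 < 1.6.10) but is not affected: check the fix first.
    if branch_fix is not None and v >= branch_fix:
        return {"version": fmt(v), "affected": False,
                "reason": "at or above fixed release", "upgrade_to": None}

    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        target = branch_fix if branch_fix is not None else DEFAULT_UPGRADE
        return {"version": fmt(v), "affected": True,
                "reason": "inside affected range 1.1.0 through 1.6.10",
                "upgrade_to": fmt(target)}

    return {"version": fmt(v), "affected": False,
            "reason": "outside the range listed in the advisory",
            "upgrade_to": None}


def triage(inventory):
    """Run assess() over (host, version) pairs; return only the affected hosts."""
    findings = []
    for host, version in inventory:
        result = assess(version)
        if result["affected"]:
            findings.append((host, result["version"], result["upgrade_to"]))
    return findings


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("mail-01.example.internal", "1.6.10"),   # last affected 1.6 release
    ("mail-02.example.internal", "1.6.11"),   # fixed
    ("mail-03.example.internal", "1.5.10"),   # fixed, despite being < 1.6.10
    ("mail-04.example.internal", "1.5.9"),    # affected, fix on own branch
    ("legacy.example.internal", "1.4.13"),    # affected, branch has no fix listed
    ("museum.example.internal", "1.0.5"),     # below the advisory's range
]

if __name__ == "__main__":
    for host, version, upgrade_to in triage(SAMPLE_INVENTORY):
        print(f"{host}: Roundcube {version} affected; upgrade to {upgrade_to}")
```

Versions are compared as integer tuples so that 1.6.10 correctly sorts after 1.6.9, and the fixed-release check runs before the range check so that 1.5.10 is reported as patched. A host on a branch the advisory lists no fix for (1.4.x and earlier) is steered to 1.6.11, which matches the recommendation above.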

Tags: Exploit available · Fix available · RCE

**Weakness Enumeration:**

Deserialization of Untrusted Data (CWE-502)

**Related Identifiers:**

BDU:2025-06366
CVE-2025-49113
DLA-4211-1
DSA-5934-1
GHSA-8J8W-WWQC-X596
MGASA-2025-0185
USN-7584-1

**Affected Products:**

Debian
Linuxmint
Red Os
Roundcube Webmail
Ubuntu