PT-2025-51990 · Roundcube+2 · Roundcube Webmail+2

Valentin T

Published

2025-12-13

Updated

2026-04-01

CVE-2025-68460

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12

Description An information disclosure issue exists in the HTML style sanitizer component of Roundcube Webmail. The issue could allow for the disclosure of information.

Recommendations Update Roundcube to version 1.5.12 or later. Update Roundcube to version 1.6.12 or later.

Fix

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116

Related Identifiers

BDU:2025-16316

CVE-2025-68460

DLA-4415-1

DSA-6087-1

MGASA-2025-0332

OPENSUSE-SU-2026:20323-1

Affected Products

Debian

Red Os

Roundcube Webmail

PT-2025-51990 · Roundcube+2 · Roundcube Webmail+2

CVE-2025-68460

Weakness Enumeration

Related Identifiers

Affected Products

References · 39