- Server operating system version: Ubuntu 24.04
- Plesk version and microupdate number: 18.0.56 #2
Roundcube has a new vulnerability: CVE-2025-49113
Aleksander Machniak has released a security update: Roundcube Webmail 1.6.11
When can we expect this fix to be included in Plesk?
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.