Roundcube Vulnerabilities: Critical Score, File Manipulation, XSS

This advisory from CERT-Bund details critical vulnerabilities in Roundcube versions prior to 1.5.14, 1.6.14, and 1.7-rc5. The vulnerabilities, rated with a critical CVSS base score of 10.0, enable remote attackers to manipulate files, bypass security controls, execute cross-site scripting (XSS) attacks, and disclose information. The advisory applies to Roundcube installations on Linux, UNIX, and Windows operating systems.

Organizations using affected versions of Roundcube must take immediate action to mitigate these risks. Mitigation is available, and users are strongly advised to update to patched versions as soon as possible to prevent exploitation. Failure to address these vulnerabilities could lead to significant data breaches and system compromise.