NOTE: This template has now been implemented into CERT Polska's tool Artemis. I’m deeply honoured to be acknowledged by CERT Polska for this vulnerability detection script. It is a true privilege to play a part in strengthening global cyber security efforts through open-source contributions. See CERT-Polska/Artemis#1762.
This template looks in the HTML body for the `rcversion` value and then matches on vulnerable versions. Here is the mapping from the raw HTML value to the Roundcube version:

| Raw `rcversion` value | Roundcube version |
|-----------------------|-------------------|
| 10502 | 1.5.2 |
| 10601 | 1.6.1 |
| 10506 | 1.5.6 |
| 10500 | 1.5.0 |
| 10609 | 1.6.9 |
| 10611 | 1.6.11 |
| 10510 | 1.5.10 |
| 10505 | 1.5.5 |
| 10503 | 1.5.3 |
| 10610 | 1.6.10 |
| 10509 | 1.5.9 |
| 10607 | 1.6.7 |
| 10602 | 1.6.2 |
| 10606 | 1.6.6 |
| 10605 | 1.6.5 |

This is not an exploit script but rather a script to detect whether an instance is vulnerable to CVE-2025-49113 based on versions.
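
The same version check in Python, as an added example that is not the template itself or Artemis code. It generalizes the table above to the arithmetic encoding the values follow (major × 10000 + minor × 100 + patch). Assumptions: the `"rcversion":<int>` form in the page's JavaScript environment, the constructed sample HTML, and the fixed releases 1.5.10 and 1.6.11, which come from the public CVE-2025-49113 description rather than from this page.

```python
import re

# Assumption: Roundcube exposes the value as "rcversion":<int> inside the
# JavaScript environment object of the login page.
RCVERSION_RE = re.compile(r'"rcversion"\s*:\s*(\d+)')

# Assumption (public CVE-2025-49113 description, not this page):
# affected are releases before 1.5.10, and 1.6.x before 1.6.11.
FIXED_15 = (1, 5, 10)
FIXED_16 = (1, 6, 11)


def extract_rcversion(html):
    """Return the raw integer rcversion from an HTML body, or None."""
    match = RCVERSION_RE.search(html)
    return int(match.group(1)) if match else None


def decode_rcversion(raw):
    """Decode e.g. 10611 -> (1, 6, 11), matching the mapping table."""
    major, rest = divmod(raw, 10000)
    minor, patch = divmod(rest, 100)
    return (major, minor, patch)


def assess(html):
    """Return (status, version) where status is vulnerable/patched/unknown."""
    raw = extract_rcversion(html)
    if raw is None:
        # Version string hidden or page is not Roundcube: do not guess.
        return ("unknown", None)
    version = decode_rcversion(raw)
    text = ".".join(str(part) for part in version)
    if version < FIXED_15 or (1, 6, 0) <= version < FIXED_16:
        return ("vulnerable", text)
    return ("patched", text)


# Constructed sample bodies (not captured from a real host).
SAMPLE_OLD = '<script>rcmail.set_env({"task":"login","rcversion":10610});</script>'
SAMPLE_NEW = '<script>rcmail.set_env({"task":"login","rcversion": 10611});</script>'

if __name__ == "__main__":
    for body in (SAMPLE_OLD, SAMPLE_NEW, "<html>no version here</html>"):
        print(assess(body))
```

An `unknown` result means the version could not be read, not that the host is safe; confirm the installed version on the server in that case.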
- Download Nuclei from here
- Copy the template to your local system
- Run the following command:
```
nuclei -u https://yourHost.com -t template.yaml
```
- https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
- https://access.redhat.com/security/cve/cve-2025-49113
Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
Feel free to reach out to me on Signal.