Remote Code Execution Vulnerability Detected in Roundcube: Plesk Quickly Releases Update
Following the critical vulnerability (CVE-2025-49113) detected in the Roundcube Webmail system, Plesk released an update on June 5. This vulnerability, which can lead to remote code execution, can affect millions of servers. It is highly recommended to update.
Critical vulnerability discovered in Roundcube
A critical vulnerability that could allow remote code execution has been discovered in Roundcube Webmail versions prior to 1.5.10 and 1.6.x series prior to 1.6.11. The vulnerability has been identified as CVE-2025-49113.
Plesk intervened quickly
After this vulnerability was made public, Plesk released an update on June 5th to fix the security vulnerability. The update is expected to reach servers with Plesk panels automatically. However, users are strongly advised to make sure that the update is installed on their systems.
Which versions are affected, which updates are required?
Plesk officials listed the updates that fixed the security vulnerability as follows:
Plesk Obsidian 18.0.70 Update 1
Plesk Obsidian 18.0.69 Update 4
Users whose systems are older than these versions should update immediately.
Alternative solution: Switching between servers
For users who cannot get the update directly, Plesk offers a server-to-server migration option, which allows users to switch to a more up-to-date Plesk version and avoid security vulnerabilities.
Plesk lifecycle policy should be taken into consideration
It was emphasized that users should examine Plesk's Lifecycle Policy rules and develop long-term solutions for older versions that do not have update support.
Source: CUMHA - CUMHURS NEWS AGENCY
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
