CVE-2025-68461

MEDIUM6.1⚠ KEVEPSS 6.9%

RoundCube Webmail Cross-site Scripting Vulnerability

Published: 12/18/2025Modified: 5/29/2026Added to CISA KEV: 2/20/2026

Description

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Affected packages (1)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1MEDIUM6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (1)