Sign in Get started

← All advisories

Unrated severityCISA KEVOSV Advisory· Published Dec 18, 2025· Updated Feb 26, 2026

CVE-2025-68461

CVE-2025-68461

Description

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Affected products

1

Roundcube/RoundcubemailOSV
Range: 1.1-beta, 1.1-rc, 1.1.0, …

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.