← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-68461 — Actively Exploited: Webmail (Roundcube)

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.

CVE IDCVE-2025-68461
VendorRoundcube
ProductWebmail
Vulnerability nameRoundCube Webmail Cross-site Scripting Vulnerability
Date added2026-02-20
Remediation due2026-03-13
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionRoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →