Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]

https://fearsoff.org/research/roundcube

https://x.com/home/status/1930864399935582408

https://x.com/home/status/1930899188096610478

https://x.com/home/status/1930981141177377160

https://x.com/home/status/1931119421789286780