CNNVD-202512-3718 Information

CNNVD ID

CNNVD-202512-3718

Related CVE

CVE-2025-68460

• CNNVD Published: 2025-12-18

Description (Chinese)

Roundcube Webmail是Roundcube开源的一款基于浏览器的开源IMAP客户端，它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.5.12之前版本和1.6.12之前的1.6版本存在安全漏洞，该漏洞源于HTML样式清理器存在信息泄露。

Description (English)

Rundcube Webmail is an open-source IMAP client based on a browser that supports address book management, information search, spell checking, etc. There is a security loophole in previous editions of Rundcube Webmail 1.5.12 and 1.6 before 1.6.12, which stems from the leak of information from the HTML style cleaner.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Roundcube

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571 https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12

Patch

https://roundcube.net/download/