Vulnerabilities4 min read
CISA Adds Two Roundcube Flaws to KEV After Active Exploitation
CISA adds CVE-2025-49113 (CVSS 9.9) and CVE-2025-68461 to KEV catalog after attackers weaponized the deserialization flaw within 48 hours. Federal agencies must patch by March 13.
Marcus ChenFeb 21, 2026