| Package | roundcube |
|---|---|
| Version | 1.3.17+dfsg.1-1~deb10u9 (buster) |
| Related CVEs | CVE-2025-68460 CVE-2025-68461 |
- CVE-2025-68460
-
Information disclosure vulnerability in the HTML style sanitizer.
- CVE-2025-68461
-
Cross-Site-Scripting (XSS) vulnerability via SVG’s
<animate>tag, which could allow a remote attacker to load arbitrary JavaScript code and might lead to privilege escalation or information disclosure via malicious SVG document.
For Debian 10 buster, these problems have been fixed in version 1.3.17+dfsg.1-1~deb10u9.
We recommend that you upgrade your roundcube packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.