CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Published Date :

Last Modified :

Source :

The following products are affected by CVE-2025-68461 vulnerability.

Vendors	Products
Roundcube	Webmail

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68461.

URL	Resource
https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb
https://nvd.nist.gov/vuln/detail/CVE-2025-68461
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68461
https://www.cve.org/CVERecord?id=CVE-2025-68461

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact