CVE-2020-12641 - Roundcube Webmail Remote Code Execution Vulnerability

Vulnerability Name

Roundcube Webmail Remote Code Execution Vulnerability

Description

Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10

https://nvd.nist.gov/vuln/detail/CVE-2020-12641

Related News Articles

Russian hackers breach orgs to track aid routes to UkraineMay 22, 2025

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsMay 22, 2025

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail ServersMay 15, 2025