Back to advisories

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your institution runs Roundcube webmail, you are a likely target.

CRITICALAdvisoryJul 09, 2026
Action required
Immediately patch Roundcube to the latest version. Search logs for exploitation of CVE-2024-42009 and CVE-2025-49113. Hunt for web shells and VShell artifacts in webmail directories. Review user sessions for unauthorized access to physics and engineering department accounts.
Affected products
RoundcubeProofpoint