In a festive revelation, cybersecurity researchers have blown the dust off an ancient Roundcube webmail bug, finally inviting it into the spotlight for its long-overdue 10th birthday party. This little code fiend, CVE-2025-49113, has been stealthily lurking around, refusing to grow up, and now, it’s demanding to be taken seriously with a CVSS score of 9.9—because who doesn’t love a party crasher?

The bug, clearly suffering from a decade-long identity crisis, allows authenticated users to execute arbitrary code as if they’re slipping into the system’s secret after-party. It’s the digital equivalent of lending your house key to a raccoon and wondering why all your snacks are missing the next day.

Experts have advised system administrators to finally secure the barn door—ten years after the horse has bolted, taken over the farm, and started its own cryptocurrency exchange. As Roundcube users scramble to patch, the bug continues its world tour, leaving no inbox unturned in its quest for post-authentication magnificence.