Local File Inclusion Vulnerability in Zimbra Collaboration by Zimbra
CVE-2025-68645
Key Information:
- Vendor: Zimbra
- Status: Vendor
- CVE Published: 22 December 2025
What is CVE-2025-68645?
CVE-2025-68645 is a local file inclusion (LFI) vulnerability found in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. Zimbra is an open-source collaboration suite that provides functionalities such as email, calendar, and contact management. The LFI vulnerability arises due to inadequate handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can exploit this flaw by crafting specific requests aimed at the /h/rest endpoint, allowing them to manipulate internal request routing. This could enable attackers to include arbitrary files from the WebRoot directory into the application.
The potential ramifications for organizations using Zimbra Collaboration are significant, as unauthorized file access can lead to exposure of sensitive information and compromise of the application's integrity. If exploited, this vulnerability poses a serious risk to the confidentiality and availability of the data managed through Zimbra, ultimately threatening organizational operations and security.
Potential impact of CVE-2025-68645
- Unauthorized Access to Sensitive Files: Attackers could leverage the vulnerability to gain access to confidential files stored within the WebRoot directory, leading to potential data breaches that could expose personal data, proprietary information, or other sensitive materials.
- Application Integrity Compromise: By including arbitrary files, attackers may manipulate the behavior of the application or inject malicious scripts, which could disrupt services or facilitate further attacks on the infrastructure.
- Increased Attack Surface: The presence of this vulnerability may embolden threat actors to conduct additional reconnaissance or exploit other vulnerabilities within the same or connected systems, increasing the overall risk to the organization's digital ecosystem.
CISA has reported CVE-2025-68645
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-68645 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This assessment is subject to change at short notice.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
EPSS Score: 28% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- First article discovered by The Hacker News
- CISA Reported
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
