Local File Inclusion Vulnerability in Zimbra Collaboration by Zimbra
CVE-2025-68645

8.8 HIGH

Key Information:

Vendor:
Zimbra

CVE Published:
22 December 2025

Badges

👾 Exploit Exists 🟡 Public PoC

What is CVE-2025-68645?

CVE-2025-68645 is a local file inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. Zimbra is an open-source collaboration suite that provides email, calendar, and contact management. The LFI vulnerability arises from inadequate handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can exploit this flaw by sending crafted requests to the /h/rest endpoint, which lets them manipulate internal request routing and include arbitrary files from the WebRoot directory into the application.

The potential ramifications for organizations using Zimbra Collaboration are significant, as unauthorized file access can lead to exposure of sensitive information and compromise of the application's integrity. If exploited, this vulnerability poses a serious risk to the confidentiality and availability of the data managed through Zimbra, ultimately threatening organizational operations and security.

Potential impact of CVE-2025-68645

  1. Unauthorized Access to Sensitive Files: Attackers could leverage the vulnerability to gain access to confidential files stored within the WebRoot directory, leading to potential data breaches that could expose personal data, proprietary information, or other sensitive materials.

  2. Application Integrity Compromise: By including arbitrary files, attackers may manipulate the behavior of the application or inject malicious scripts, which could disrupt services or facilitate further attacks on the infrastructure.

  3. Increased Attack Surface: The presence of this vulnerability may embolden threat actors to conduct additional reconnaissance or exploit other vulnerabilities within the same or connected systems, increasing the overall risk to the organization's digital ecosystem.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
