🔴 CVE-2025-68645

A Local File Inclusion vulnerability in Zimbra Collaboration webmail allows unauthenticated remote attackers to include arbitrary files via crafted requests to the /h/rest endpoint. Zimbra is commonly deployed as internet-facing email server infrastructure.

Risk Level: HIGH_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-22

Added to CISA KEV: 2026-01-22 (31 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-01-22)

There is limited information available regarding the exploitation of CVE-2025-68645.

Here's what is known:

  • Vulnerability Type: CVE-2025-68645 is a Local File Inclusion (LFI) vulnerability that exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. This vulnerability arises from the improper handling of user-supplied request parameters in the RestFilter servlet [1].
  • Internet-Facing Applications/Services: Given that it affects Zimbra Collaboration's Webmail UI, it is likely to impact internet-facing applications or services that utilize this webmail interface.
  • Evidence of Active Exploitation: There is no direct evidence in the provided search results indicating that CVE-2025-68645 is currently being actively exploited in the wild. CISA's Known Exploited Vulnerabilities (KEV) catalog is updated based on evidence of active exploitation [3][4], and CVE-2025-68645 is not mentioned in relation to these updates.
  • Attack Vectors and Exploitation Methods: The vulnerability is described as a Local File Inclusion (LFI) issue, which typically involves an attacker manipulating input parameters to include and execute arbitrary files on the server. The "Attack Complexity" is noted as a factor in exploitability, with a low complexity indicating minimal effort is required [2].
  • Targeted Attacks: There is no information available to suggest whether CVE-2025-68645 has been used in targeted attacks.
  • CISA Known Exploited Vulnerabilities (KEV) Status: CVE-2025-68645 is not listed in CISA's Known Exploited Vulnerabilities (KEV) Catalog based on the provided search results.
  • Technical Details about Internet Exploitability: The vulnerability stems from improper handling of user-supplied request parameters in the RestFilter servlet within Zimbra Collaboration's Webmail Classic UI [1]. This suggests that attackers could potentially exploit this by crafting specific requests to include unintended files, leading to unauthorized access or execution.

Sources

  1. NVD - CVE-2025-68645

    CVE-2025-68645 Detail. Description. A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. CVSS information contributed by other sources is also…

  2. CVE-2025-68645 Security Vulnerability & Exploit Details

    CVE-2025-68645 Vulnerability Analysis & Exploit Details. Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort. Privil…

  3. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE ...

  4. CISA Adds Three Known Exploited Vulnerabilities to Catalog

    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.