
CVE-2025-68645

CVE-2025-68645 · PUBLISHED · KEV · CVSS 8.8 HIGH

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

EPSS 47.55% · 97.8th percentile

Risk Scores

CVSS 3.1: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 47.55% (97.8th percentile)

Affected Products

Vendor | Product | Versions
synacor | zimbra_collaboration_suite | 10.0.0, 10.1.0, 10.0.0
n/a | n/a | n/a

Exploit Intelligence

…and 195 more exploits

Timeline

  • Aug 12, 2021 CrowdSec Sighting
  • Oct 21, 2021 CrowdSec Sighting
  • Sep 24, 2022 CrowdSec Sighting
  • Sep 27, 2022 CrowdSec Sighting
  • Nov 10, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Feb 22, 2023 CrowdSec Sighting
  • Apr 5, 2023 CrowdSec Sighting
  • Aug 10, 2023 CrowdSec Sighting
  • Sep 11, 2023 CrowdSec Sighting
  • Mar 10, 2024 CrowdSec Sighting
  • Jul 9, 2024 CrowdSec Sighting