CVE-2025-68645
PUBLISHED
KEV
CVSS 8.8 HIGH
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
EPSS 47.55% · 97.8th percentile
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
47.55%
97.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| synacor | zimbra_collaboration_suite | 10.0.0, 10.1.0, 10.0.0 |
Exploit Intelligence
- Crow5-oss/CVE-2025-68645 (github-poc-repo)
- Crow5-oss/CVE-2025-68645 (github-poc)
…and 195 more exploits
Timeline
- Aug 12, 2021 CrowdSec Sighting
- Oct 21, 2021 CrowdSec Sighting
- Sep 24, 2022 CrowdSec Sighting
- Sep 27, 2022 CrowdSec Sighting
- Nov 10, 2022 CrowdSec Sighting
- Dec 11, 2022 CrowdSec Sighting
- Feb 22, 2023 CrowdSec Sighting
- Apr 5, 2023 CrowdSec Sighting
- Aug 10, 2023 CrowdSec Sighting
- Sep 11, 2023 CrowdSec Sighting
- Mar 10, 2024 CrowdSec Sighting
- Jul 9, 2024 CrowdSec Sighting
References
- https://wiki.zimbra.com/wiki/Security_Center url
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68645 url
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71240 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71244 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71248 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71246 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71247 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71242 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71245 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71243 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71239 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71250 advisory
- https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories&oldid=71241 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-68645 advisory