⚠️ CISA Known Exploited Vulnerability

Active Threat

This vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.

View CISA KEV Catalog

CVE-2025-68645

High CISA KEV

Low Medium High Critical

8.8

CVSS Score

Published: Dec 22, 2025

Last Modified: Jan 23, 2026

CWE: CWE-98

Vulnerability Description

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

24 configuration(s) from 1 vendor(s)

zimbra_collaboration_suite

Version:

10.0.10

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.10:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.13

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.13:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.4

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.4:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.8

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.8:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.7

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.7:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.5

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.5:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.5

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.5:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.14

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.14:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.1

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.1:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.6

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.6:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.11

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.11:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.7

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.7:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.2

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.2:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.0

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.0:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.4

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.4:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.1

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.1:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.9

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.9:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.2

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.2:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.0

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.3

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.3:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.8

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.8:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.0.12

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.12:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.3

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.3:*:*:*:*:*:*:*

zimbra_collaboration_suite

Version:

10.1.6

CPE:

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.6:*:*:*:*:*:*:*

This vulnerability affects 24 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

8.8

out of 10.0

High

CISA KEV Status

Active Exploitation

Listed in CISA's Known Exploited Vulnerabilities catalog

View on CISA KEV

Weakness Type (CWE)

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Description: The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Exploit Likelihood: High
Typical Severity: Medium
Abstraction Level: Variant