CVE-2025-68645
In short
A flaw in Zimbra Webmail allows attackers to read files from the server by crafting special requests, without needing to log in. This exposes sensitive information stored on the web server.
Technical detail
A Local File Inclusion vulnerability in the RestFilter servlet of Zimbra ZCS 10.0/10.1, caused by improper parameter validation in the /h/rest endpoint. An unauthenticated remote attacker can manipulate request dispatching to include arbitrary files from the WebRoot directory, leading to information disclosure.
Summary generated and translated by AI from the official description.
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 6
github.com/MaxMnMl/zimbramail-CVE-2025-68645-poc ★ 3
github.com/chinaxploiter/CVE-2025-68645-PoC ★ 2
github.com/0xBlackash/CVE-2025-68645 ★ 2
github.com/HarisAidhin/Poc_CVE-2025-68645 ★ 1
github.com/faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability ★ 0
github.com/its970/CVE-2025-68645 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.