Unrated severityCISA KEVOSV Advisory· Published Dec 22, 2025· Updated Feb 26, 2026
CVE-2025-68645
CVE-2025-68645
Description
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >= 10.0, <= 10.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.