PT-2025-52669 · Unknown · Zimbra Collaboration

Published 2025-11-06 · Updated 2026-02-26 · CVE-2025-68645

CVSS v2.0: 10 (High), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (ZCS) versions 10.0 and 10.1

Description: A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory. Exploitation has been observed in active attacks, with attackers targeting files such as /WEB-INF/web.xml and attempting to obtain OAuth tokens. The vulnerability allows attackers to read server files and potentially execute arbitrary code. Reports indicate active exploitation of this vulnerability since January 14, 2026, and it has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog.

Recommendations: Apply the latest security patches provided by Synacor/Zimbra for versions 10.0 and 10.1. Restrict access to the /h/rest endpoint to trusted IP ranges. Implement strict input validation for all parameters submitted to the /h/rest endpoint.
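As an added detection example (not from this advisory or from Zimbra), the script below scans web-server access-log lines for requests to /h/rest whose percent-decoded target references WEB-INF/web.xml or contains path traversal, which is the file the advisory says attackers have been retrieving. The log lines, the IP addresses and the query parameter name `p` are constructed for illustration and do not reproduce the real exploit request; decoding is repeated so that double-encoded targets are not missed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic). The request
# shapes, including the parameter name "p", are illustrative assumptions only.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jan/2026:03:12:44 +0000] "GET /h/rest?p=%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 4213 "-" "curl/8.4"
198.51.100.7 - - [15/Jan/2026:03:13:01 +0000] "GET /h/rest?p=%252e%252e%2fWEB-INF%2fweb.xml HTTP/1.1" 200 4213 "-" "python-requests/2.31"
192.0.2.44 - - [15/Jan/2026:03:14:20 +0000] "GET /h/rest/calendar?fmt=ics HTTP/1.1" 200 18231 "-" "Mozilla/5.0"
192.0.2.45 - - [15/Jan/2026:03:15:02 +0000] "GET /service/soap HTTP/1.1" 200 640 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Substrings that, inside a /h/rest request, point at WebRoot-relative files an LFI
# would reach. They are matched against the fully decoded, lower-cased target.
INDICATORS = ("../", "web-inf", "web.xml")

def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded targets cannot slip past."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def parse_line(line: str):
    """Return the named fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(target: str):
    """Return the first indicator that fires for a /h/rest request target, else None."""
    decoded = fully_decode(target).lower()
    if not decoded.startswith("/h/rest"):
        return None
    return next((ind for ind in INDICATORS if ind in decoded), None)

def scan(log_text: str):
    """Collect (ip, timestamp, status, indicator, raw_target) for suspicious /h/rest requests."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ind = classify(rec["target"])
        if ind:
            findings.append((rec["ip"], rec["ts"], rec["status"], ind, rec["target"]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request is the signal to escalate, since it indicates the file was actually served rather than rejected.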

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-16353
CVE-2025-68645

Affected Products

Zimbra Collaboration