CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Synacor: >> Zimbra Collaboration Suite >> 10.1.12 Security Vulnerabilities

CVE-2025-68645

Known exploited

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

CVSS Score

8.8

EPSS Score

0.254

Published

2025-12-22

Page 1

Vulnerabilities

Vulnerable Software

Synacor: >> Zimbra Collaboration Suite >> 10.1.12 Security Vulnerabilities

Products

Pricing

Contact Us