[VULNERABILITY ALERT] Zimbra's Zimbra Collaboration Suite Contains a Critical Security Vulnerability (CVE-2025-68645)

• Subject: [VULNERABILITY ALERT] Zimbra's Zimbra Collaboration Suite Contains a Critical Security Vulnerability (CVE-2025-68645)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000014
  • A critical Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of the email server system Zimbra Collaboration Suite, assigned vulnerability number CVE-2025-68645 (CVSS: 8.8).
  • This vulnerability stems from improper handling of user-provided request parameters by the RestFilter Servlet. A remote unauthenticated attacker can make requests to the /h/rest endpoint, thereby influencing internal request distribution and including arbitrary files within the WebRoot directory.
• Affected Platforms:
  • Zimbra Collaboration Suite version 10.0
  • Zimbra Collaboration Suite version 10.1
• Recommended Actions:
  • Apply patches according to the solutions released on the official website.
• Reference Material:
  1. https://www.twcert.org.tw/tw/cp-169-10593-468c8-1.html

Computer and Communication Center
Network Systems Division, Respectfully