POSTING DATE: 2025/12/29

[VULNERABILITY ALERT] Zimbra's Zimbra Collaboration Suite Contains a Critical Security Vulnerability (CVE-2025-68645)

  • Subject: [VULNERABILITY ALERT] Zimbra's Zimbra Collaboration Suite Contains a Critical Security Vulnerability (CVE-2025-68645)


  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000014
    • A critical Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of the Zimbra Collaboration Suite email server system. It is tracked as CVE-2025-68645 (CVSS: 8.8).
    • The vulnerability stems from improper handling of user-supplied request parameters by the RestFilter servlet. A remote, unauthenticated attacker can send requests to the /h/rest endpoint to influence internal request dispatching and include arbitrary files from within the WebRoot directory.
  • Affected Platforms:
    • Zimbra Collaboration Suite version 10.0
    • Zimbra Collaboration Suite version 10.1
  • Recommended Actions:
    • Apply the patches as described in the solutions published on the official website.

Computer and Communication Center
Network Systems Division, Respectfully
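
Added example (not part of the original alert and not Zimbra code): a log-triage helper that lists requests to the /h/rest endpoint named above, normalizing each request path first so that percent-encoded or padded forms of the same path are not missed. The combined-style log format, the function names and the sample lines are assumptions made for illustration; adapt the pattern to the access log your proxy actually writes.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: combined-style access log lines; adapt LINE_RE to your proxy's format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalized_path(target):
    """Reduce a request target to a canonical path before matching."""
    path = target.split("?", 1)[0]          # drop the query string
    for _ in range(3):                      # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r";[^/]*", "", path)      # drop ;path-parameters
    path = re.sub(r"/{2,}", "/", path)      # collapse repeated slashes
    return posixpath.normpath(path)         # resolve . and .. segments

def is_rest_request(target):
    path = normalized_path(target)
    return path == "/h/rest" or path.startswith("/h/rest/")

def find_rest_requests(lines):
    """Return (ip, timestamp, method, target, status) for each /h/rest request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_rest_request(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"], m["target"], int(m["status"])))
    return hits

def requests_per_client(hits):
    return Counter(ip for ip, *_ in hits)

# Constructed sample lines (documentation IP ranges, placeholder query strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Dec/2025:10:00:01 +0800] "GET /h/search?st=message HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [29/Dec/2025:10:00:05 +0800] "GET /h/rest?placeholder=1 HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '203.0.113.7 - - [29/Dec/2025:10:00:06 +0800] "GET //h/%72est;x=1?placeholder=1 HTTP/1.1" 200 790 "-" "curl/8.5.0"',
    '198.51.100.4 - - [29/Dec/2025:10:01:00 +0800] "GET /h/restore HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_rest_requests(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    print(dict(requests_per_client(hits)))
```

A match only shows that the endpoint was requested; review the listed requests and clients against expected webmail traffic before drawing conclusions.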