CVE-2025-68645 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-sup…
High KEV CVSS: 8.8

CVE-2025-68645

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
Vendor
Synacor
Product
Zimbra Collaboration Suite
CWE
CWE-98
Yayın Tarihi
2025-12-22 18:16:17
Güncelleme
2026-01-23 18:39:33
Source Identifier
cve@mitre.org
KEV Date Added
2026-01-22

Kategoriler

CWE-98 Zimbra Collaboration Suite HIGH Synacor 2025

Referanslar

https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68645