CVE-2025-68645 is a high-severity (8.8) local file inclusion (LFI) vulnerability in Zimbra ZCS 10.0 and 10.1, actively exploited by unauthenticated remote attackers.

| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| zimbra_collaboration_suite | 10.0.0 | 10.0.18 | vulnerable |
| zimbra_collaboration_suite | 10.1.0 | 10.1.13 | vulnerable |

- Immediately install the latest security patches provided by Synacor for Zimbra Collaboration Suite to resolve the improper parameter handling within the RestFilter servlet.
- Upgrade Zimbra Collaboration Suite (ZCS) deployments to version 10.0.18 or higher for the 10.0 branch, and version 10.1.13 or higher for the 10.1 branch.
- Apply Web Application Firewall (WAF) rules to filter malicious requests to the /h/rest endpoint and consider restricting access to the Classic UI to known, trusted IP ranges.
- Review web server access logs for suspicious activity targeting the /h/rest endpoint, specifically looking for directory traversal patterns or unusual internal file requests.

To detect potential exploitation, analyze web server logs for HTTP requests directed at the /h/rest endpoint that contain path traversal sequences or unexpected parameters. Monitor for unauthorized access to sensitive files within the Zimbra WebRoot directory. Organizations should also look for unusual internal request dispatching patterns originating from the RestFilter servlet and deploy network signatures that identify unauthenticated LFI attempts targeting Zimbra's Classic UI.
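
The log review described above can be scripted. The following is an added example, not code from the advisory or from Zimbra: it flags requests to /h/rest whose target contains a path traversal sequence once percent-encoding (including double encoding) is undone. It assumes combined-format access logs; the sample lines, the `param` parameter name, and the addresses are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Combined-log-format fields this check needs: client IP, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
REST_RE = re.compile(r'^/h/rest(?:[/?;]|$)', re.IGNORECASE)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')

# Constructed sample lines; IPs are documentation ranges, "param" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2026:10:00:00 +0000] "GET /h/rest?param=../../example.txt HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.11 - - [01/Jan/2026:10:00:05 +0000] "GET /h/rest?param=%252e%252e%252fexample.txt HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.5 - - [01/Jan/2026:10:01:00 +0000] "GET /h/rest?param=inbox HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.6 - - [01/Jan/2026:10:02:00 +0000] "GET /other?param=../example.txt HTTP/1.1" 404 0 "-" "-"',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_rest_requests(lines):
    """Return (ip, status, decoded_target) for /h/rest requests with traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        target = fully_decode(m.group("target"))
        if REST_RE.match(target) and TRAVERSAL_RE.search(target):
            hits.append((m.group("ip"), int(m.group("status")), target))
    return hits


if __name__ == "__main__":
    for ip, status, target in suspicious_rest_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

Flagged requests that returned a 200 status deserve review first, since they indicate the server answered the request rather than rejecting it.
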