8.8 / 10 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
AI Analysis
Local File Inclusion vulnerability in Zimbra Collaboration Webmail Classic UI
Basic Information
ID: CVE-2025-68645
Source: mitre
Published: Dec 22, 2025 at 00:00
Modified: Dec 22, 2025 at 20:11
Affected Product
Vendor: Synacor
Product: Zimbra Collaboration
Version: 10.0, 10.1
AI Assessment
AI Score: 8.8 / 10
AI Severity: High