{"cve_id":"CVE-2025-68645","summary":"A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.44564,"ranking_epss":0.97555,"kev":true,"propose_action":"Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.","ransomware_campaign":"Unknown","references":["https://wiki.zimbra.com/wiki/Security_Center","https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68645"],"published_time":"2025-12-22T18:16:17","cpes":["cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.0","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.1","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.10","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.11","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.12","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.13","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.14","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.15","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.16","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.17","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.2","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.3","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.4","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.5","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.6","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.7","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.8","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.9","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.1","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.10","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.11","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.12","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.2","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.3","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.4","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.5","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.6","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.7","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.8","cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.9"]}