CVE-2025-68645

ENISA EUVD: EUVD-2025-204719 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 1 article Published: 2025-12-22

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

62.58%

probability

This CVE has a 62.58% probability of being exploited in the next 30 days.

0% Top 98.4th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Affected Products

n/a

synacor

zimbra collaboration suite

n/a

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-669 · Incorrect Resource Transfer Between Spheres CWE-706 · Use of Incorrectly-Resolved Name or Reference CWE-829 CWE-98 · Improper Control of Filename

Exploits & PoC

MaxMnMl/zimbramail-CVE-2025-68645-poc

CVE-2025-68645 - A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration

3 2026-01-04

chinaxploiter/CVE-2025-68645-PoC

Academic proof-of-concept demonstrating CVE-2025-68645 for authorized security research.

2 2025-12-30

0xBlackash/CVE-2025-68645

CVE-2025-68645

1 2026-04-24

HarisAidhin/Poc_CVE-2025-68645

Zimbra Path Traversal (CVE-2025-68645) - Unauthenticated file read vulnerability in Zimbra Collaboration Suite

1 2026-05-06

faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability

0 2026-02-10

CMEGh0stX47/CVE-2025-68645

0 2026-02-21

6 repos — triés par ⭐ Rechercher sur GitHub ↗

https://wiki.zimbra.com/wiki/Security_Center

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

Signal Intelligence

Confidenceⓘ

85%

EPSS 62.58%

CVSS v3.1 8.8

Mentions 1

Last Seen Jan 23, 2026

CNA Information

CNA Assigner

mitre

Analyst Note

CVE-2025-68645 was published 2025-12-22 and is documented as actively exploited in the wild per CISA KEV catalog listing reported by TheHackerNews. The recent publication date (same month as CISA KEV addition) combined with CISA's explicit 'actively exploited' designation strongly indicates zero-day exploitation timing, though the article excerpt is truncated and exact exploitation-to-patch timeline cannot be fully verified.

Threat Actors 5

Cobalt

apt_group Financial crime 🇷🇺 RU

APT 28

apt_group Information theft and espionage 🇷🇺 RU

TAG-28

apt_group Information theft and espionage 🇨🇳 CN

Roaming Tiger

apt_group Information theft and espionage 🇨🇳 CN

White Bear

apt_group Information theft and espionage 🇷🇺 RU

Triage Info

Decided atMar 05, 2026

Published DateDec 22, 2025