Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2025-68645NVD

Description

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Severity Level

HIGH (8.8)

Published Date

22/12/2025

Last Modified

23/01/2026

Exploitation Status

ACTIVE

References

https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68645

Critical Alert 3 Active Exploits Detected Today

CVE Watchtower

Advanced Threat Data Export

CVE-2025-68645NVD

Description

References