Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
PoC: Poc_CVE-2025-68645
Zimbra Path Traversal (CVE-2025-68645) - Unauthenticated file read vulnerability in Zimbra Collaboration Suite
PoC: CVE-2025-68645
CVE-2025-68645
PoC: zimbramail-CVE-2025-68645-poc
A proof-of-concept exploit a Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet.
PoC: CVE-2025-68645-PoC
Academic proof-of-concept demonstrating CVE-2025-68645 for authorized security research.
PoC: Blackash-CVE-2025-68645
CVE-2025-68645
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free