Gh0st - Security Researcher - Exploit Intelligence Platform

CVE-2025-68645 NOMISEC HIGH SCANNER

Zimbra Collaboration Suite 10.0.0-10.0.17 - Unauthenticated Local File Inclusion via RestFilter Servlet

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

CVSS 8.8

View Code

CVE-2025-68645 NOMISEC HIGH SCANNER

Zimbra Collaboration Suite 10.0.0-10.0.17 - Unauthenticated Local File Inclusion via RestFilter Servlet

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

CVSS 8.8

View Code

CVE-2025-68645 NOMISEC HIGH SCANNER

Zimbra Collaboration Suite 10.0.0-10.0.17 - Unauthenticated Local File Inclusion via RestFilter Servlet

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

CVSS 8.8

View Code