Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Zimbra Collaboration LFI (CVE-2025-68645) - Vulnerability Database

Zimbra Collaboration LFI (CVE-2025-68645)

Description

Zimbra Collaboration contains a local file inclusion vulnerability caused by improper handling of user-supplied input in a REST servlet component. Due to insufficient validation of request parameters, an unauthenticated remote attacker can craft requests that force the application to include arbitrary files from within the web root directory.

Remediation

Upgrade Zimbra Collaboration Suite to the latest patched version and ensure all security updates are applied regularly.

References

Zimbra Patch Release
Zimbra Collaboration LFI PoC

Related Vulnerabilities

Zend Framework local file disclosure via XXE injection High
Common tags: File Inclusion Information Disclosure Known Vulnerabilities
KeyCloak Information Disclosure (CVE-2020-27838) Medium
Common tags: Information Disclosure Known Vulnerabilities
WordPress W3 Total Cache plugin predictable cache filenames High
Common tags: Information Disclosure Known Vulnerabilities
Apache Axis2 xsd local file inclusion High
Common tags: File Inclusion Information Disclosure
Argo CD Information Disclosure (CVE-2024-37152) Medium
Common tags: Information Disclosure Known Vulnerabilities

Severity

High

Classification

CVE-2025-68645
CWE-22
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Tags

File Inclusion
Information Disclosure
Known Vulnerabilities