Organizations Warned of Exploited Zimbra Collaboration Vulnerability

The US cybersecurity agency CISA on Thursday urged federal agencies to patch their Zimbra Collaboration Suite instances against a security defect actively exploited in the wild.

Tracked as CVE-2025-68645, the exploited Zimbra vulnerability is described as a local file inclusion (LFI) issue affecting the appliance’s webmail UI.

The bug exists because the RestFilter servlet fails to properly handle user-supplied request parameters, allowing attackers to send crafted requests.

By influencing internal request routing, attackers can include arbitrary files from the WebRoot directory without authentication.

Successful exploitation of the flaw could lead to the disclosure of sensitive information and internal paths, reconnaissance, and further compromise, if chained with other security weaknesses.

Patches for the flaw were released on November 6, 2025, in Zimbra Collaboration Suite versions 10.1.13 and 10.0.18.

On Thursday, CISA added CVE-2025-68645 to its Known Exploited Vulnerabilities (KEV) catalog, without providing details on the observed ...