ГлавнаяУязвимости → CVE-2025-68645
8.8высокая

CVE-2025-68645

Описание

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Затрагиваемое ПО
Synacor Zimbra collaboration suite
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://wiki.zimbra.com/wiki/Security_Centerhttps://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policyhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68645