CVE-2025-68645

KEV EPSS 47.71% · P98 Updated Feb 27, 2026

Public Exploits 1

Nuclei · 1 CVE-2025-68645.yaml [template]

In-the-Wild Activity Observed cisa_kev · confirmed

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-68645

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Zimbra Collaboration 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台，支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration 10.0版本和10.1版本存在安全漏洞，该漏洞源于RestFilter servlet处理用户输入不当，可能导致本地文件包含。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-68645

#	POC Description	Source Link	Shenlong Link
1	CVE-2025-68645	https://github.com/Ashwesker/Blackash-CVE-2025-68645	POC Details
2	Zimbra Collaboration (ZCS) 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-68645.yaml	POC Details
3	CVE-2025-68645	https://github.com/Ashwesker/Ashwesker-CVE-2025-68645	POC Details
4	Academic proof-of-concept demonstrating CVE-2025-68645 for authorized security research.	https://github.com/chinaxploiter/CVE-2025-68645-PoC	POC Details
5	CVE-2025-68645 - A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration	https://github.com/MaxMnMl/zimbramail-CVE-2025-68645-poc	POC Details
6	None	https://github.com/faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability	POC Details
7	None	https://github.com/CMEGh0stX47/CVE-2025-68645	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-68645

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-12-22 · 27 CVEs total

CVE-2025-15004	6.3 MEDIUM	DedeCMS freelist_main.php sql injection
CVE-2025-15005	3.7 LOW	CouchCMS reCAPTCHA config.example.php hard-coded key
CVE-2025-65857		Xiongmai XM530 安全漏洞
CVE-2025-67436		PluXml 安全漏洞
CVE-2025-65856		Xiongmai XM530 安全漏洞
CVE-2025-66736		youlai-boot 安全漏洞
CVE-2025-66735		youlai-boot 安全漏洞
CVE-2025-65817		LSC Smart Connect Indoor IP Camera 安全漏洞
CVE-2024-27708		AIRC MyNET 安全漏洞
CVE-2025-67291		Piranha CMS 安全漏洞
CVE-2025-67290		Piranha CMS 安全漏洞
CVE-2025-65837		PublicCMS 安全漏洞
CVE-2025-65790		Real Time Logic FuguHub 安全漏洞
CVE-2025-67418		ClipBucket 安全漏洞
CVE-2024-25812		AIRC MyNET 安全漏洞
CVE-2024-35321		AIRC MyNET 安全漏洞
CVE-2024-25814		AIRC MyNET 安全漏洞
CVE-2025-67288		Umbraco CMS 安全漏洞
CVE-2025-63662		GT Edge AI 安全漏洞
CVE-2025-63664		GT Edge AI 安全漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-68645

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-68645

Public Exploits 1

I. Basic Information for CVE-2025-68645

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2025-68645

III. Intelligence Information for CVE-2025-68645

Same Patch Batch · n/a · 2025-12-22 · 27 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-68645

Leave a comment