Active exploitation in the wild
A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise.
Background
Successful exploitation may allow threat actors to:
• Leak sensitive files from the system WebRoot directory.
• Gain reconnaissance and a foothold inside the targeted environment.
• Potentially leverage exposed information for further exploitation or escalation.
A public proof-of-concept exploit is available, and active exploitation has been observed.
Latest Development
Apply vendor patches immediately for all affected ZCS versions (Zimbra Collaboration (ZCS) 10.0 - 10.0.17 and Zimbra Collaboration (ZCS) 10.1.0 - 10.1.12); the fixed versions are 10.0.18 and 10.1.13.
• January 28, 2026: FortiGuard released a Threat Signal Report.
  https://www.fortiguard.com/threat-signal-report/6324/zimbra-collaboration-local-file-inclusion
• January 23, 2026: CISA confirmed active exploitation by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
• November 06, 2025: Zimbra patch release.
  https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes
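A version-triage helper, added here as an example and not FortiGuard or Zimbra code: it classifies ZCS version strings against the affected and fixed ranges stated above and separately flags branches this advisory does not mention. The inventory hostnames and versions are constructed.

```python
# Added triage helper, not FortiGuard's or Zimbra's code: classify ZCS
# version strings against the ranges this advisory gives for CVE-2025-68645.

# Maps a release branch (major, minor) to (first affected patch, first fixed patch),
# as stated in the advisory: 10.0 - 10.0.17 and 10.1.0 - 10.1.12 affected,
# 10.0.18 and 10.1.13 fixed.
RANGES = {
    (10, 0): (0, 18),
    (10, 1): (0, 13),
}

def parse_version(text: str) -> tuple:
    """Parse '10.1.12' or '10.0' into (major, minor, patch); missing patch is 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))

def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'not_listed' for one ZCS version.
    'not_listed' = branch not covered here; check vendor guidance, not a free pass."""
    major, minor, patch = parse_version(version)
    branch = RANGES.get((major, minor))
    if branch is None:
        return "not_listed"
    first_affected, first_fixed = branch
    return "affected" if first_affected <= patch < first_fixed else "fixed"

def triage(inventory: dict) -> dict:
    """Group hosts of an inventory {hostname: version} by classification."""
    result = {"affected": [], "fixed": [], "not_listed": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "mail-a.example.test": "10.0.17",   # last affected 10.0.x
    "mail-b.example.test": "10.0.18",   # first fixed 10.0.x
    "mail-c.example.test": "10.1.12",   # last affected 10.1.x
    "mail-d.example.test": "9.0.0",     # branch not listed in this advisory
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as not_listed are outside the ranges the advisory names and still need a separate check against vendor guidance.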
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services:
• IPS
• IOC
• Outbreak Detection
• Automated Response
• Assisted Response Services
• NOC/SOC Training
• End-User Training
• Attack Surface Hardening