Zimbra.Collaboration.RestFilter.Local.File.Inclusion
Description
This indicates an attempt to exploit a Local File Inclusion vulnerability in Zimbra Collaboration.
The vulnerability is due to improper validation of user-supplied inputs. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability could lead to information disclosure from the target server.
Outbreak Alert
A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise.
Affected Products
Zimbra Collaboration 10.1 versions prior to 10.1.13
Zimbra Collaboration 10.0 versions prior to 10.0.18
Impact
Information Disclosure: Remote attackers can obtain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) | |