CVE-2025-68645 PoC — Zimbra Collaboration 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-68645.yaml

Associated Vulnerability

Title:Zimbra Collaboration 安全漏洞 (CVE-2025-68645)
Description:Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台，支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration 10.0版本和10.1版本存在安全漏洞，该漏洞源于RestFilter servlet处理用户输入不当，可能导致本地文件包含。

Description

Zimbra Collaboration (ZCS) 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint.

File Snapshot


 id: CVE-2025-68645

info:
  name: Zimbra Collaboration - Local File Inclusion
  author: DhiyaneshDk,

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!