Organizations Warned of Exploited Zimbra Collaboration Vulnerability

Organizations Warned of Exploited Zimbra Collaboration Vulnerability

Posted on By CWS

The US cybersecurity company CISA on Thursday urged federal companies to patch their Zimbra Collaboration Suite cases towards a safety defect actively exploited within the wild.

Tracked as CVE-2025-68645, the exploited Zimbra vulnerability is described as a neighborhood file inclusion (LFI) situation affecting the equipment’s webmail UI.

The bug exists as a result of the RestFilter servlet fails to correctly deal with user-supplied request parameters, permitting attackers to ship crafted requests.

By influencing inner request routing, attackers can embrace arbitrary recordsdata from the WebRoot listing with out authentication.

Profitable exploitation of the flaw might result in the disclosure of delicate info and inner paths, reconnaissance, and additional compromise, if chained with different safety weaknesses.

Patches for the flaw had been launched on November 6, 2025, in Zimbra Collaboration Suite variations 10.1.13 and 10.0.18.Commercial. Scroll to proceed studying.

On Thursday, CISA added CVE-2025-68645 to its Recognized Exploited Vulnerabilities (KEV) catalog, with out offering particulars on the noticed assaults.

In line with CrowdSec, nevertheless, menace actors have been abusing the vulnerability in extremely focused assaults, as a part of refined, intelligence-driven campaigns.

Exploitation of the safety defect has been surging, suggesting widespread curiosity from menace actors, CrowdSec notes.

Along with the Zimbra weak spot, CISA expanded the KEV listing with three different bugs, urging federal companies to deal with them inside three weeks, because the Binding Operational Directive (BOD) 22-01 mandates.

The problems newly flagged as exploited embrace CVE-2025-54313, which refers to malicious code included within the eslint-config-prettier package deal as a part of a provide chain assault in July 2025, CVE-2025-31125, an improper entry management vulnerability within the Vite frontend improvement framework, and CVE-2025-34026, an authentication bypass within the Versa Concerto SD-WAN orchestration platform.

Whereas BOD 22-01 applies solely to federal companies, all organizations are suggested to overview CISA’s KEV catalog and tackle the safety defects it identifies.

Associated: Recent SmarterMail Flaw Exploited for Admin Entry

Associated: CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

Associated: Important HPE OneView Vulnerability Exploited in Assaults

Associated: Recent MongoDB Vulnerability Exploited in Assaults

Security Week News Tags:, , , , ,

Related Posts

July 2025 Breaks a Decade of Monthly Android Patches July 2025 Breaks a Decade of Monthly Android Patches Security Week News
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Security Week News
Recent SAP S/4HANA Vulnerability Exploited in Attacks Recent SAP S/4HANA Vulnerability Exploited in Attacks Security Week News
NIST Publishes Guide for Protecting ICS Against USB-Borne Threats NIST Publishes Guide for Protecting ICS Against USB-Borne Threats Security Week News
Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited Security Week News
Two Scattered Spider Suspects Arrested in UK; One Charged in US Two Scattered Spider Suspects Arrested in UK; One Charged in US Security Week News