Cyber Web Spider Blog – News

Organizations Warned of Exploited Zimbra Collaboration Vulnerability

Posted on January 23, 2026 By CWS

The US cybersecurity agency CISA on Thursday urged federal agencies to patch their Zimbra Collaboration Suite instances against a security defect actively exploited in the wild.

Tracked as CVE-2025-68645, the exploited Zimbra vulnerability is described as a local file inclusion (LFI) issue affecting its webmail UI.

The bug exists because the RestFilter servlet fails to properly handle user-supplied request parameters, allowing attackers to send crafted requests.

By influencing internal request routing, attackers can include arbitrary files from the WebRoot directory without authentication.

Successful exploitation of the flaw could lead to the disclosure of sensitive information and internal paths, reconnaissance, and further compromise, if chained with other security weaknesses.

Patches for the flaw were released on November 6, 2025, in Zimbra Collaboration Suite versions 10.1.13 and 10.0.18.

On Thursday, CISA added CVE-2025-68645 to its Known Exploited Vulnerabilities (KEV) catalog, without providing details on the observed attacks.

According to CrowdSec, however, threat actors have been abusing the vulnerability in highly targeted attacks, as part of sophisticated, intelligence-driven campaigns.

Exploitation of the security defect has been surging, suggesting widespread interest from threat actors, CrowdSec notes.

In addition to the Zimbra weakness, CISA expanded the KEV list with three other bugs, urging federal agencies to address them within three weeks, as Binding Operational Directive (BOD) 22-01 mandates.

The issues newly flagged as exploited include CVE-2025-54313, which refers to malicious code included in the eslint-config-prettier package as part of a supply chain attack in July 2025; CVE-2025-31125, an improper access control vulnerability in the Vite frontend development framework; and CVE-2025-34026, an authentication bypass in the Versa Concerto SD-WAN orchestration platform.

While BOD 22-01 applies only to federal agencies, all organizations are advised to review CISA's KEV catalog and address the security defects it identifies.
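For teams tracking which Zimbra hosts still need the update, the following added example (not from the original article or from Zimbra) triages an inventory against the fixed releases 10.1.13 and 10.0.18 named above. The hostnames and inventory format are constructed, and it assumes builds in the 10.1 and 10.0 branches below those releases lack the fix; anything else is flagged for manual review.

```python
import re

# Fixed releases named in the article, keyed by release branch (major, minor).
# Assumption: earlier builds in the same branch do not carry the fix.
FIXED = {(10, 1): (10, 1, 13), (10, 0): (10, 0, 18)}

# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = """\
mail-a.example.internal,10.1.12
mail-b.example.internal,10.1.13
mail-c.example.internal,10.0.9
mail-d.example.internal,10.0.18
mail-e.example.internal,9.0.0
mail-f.example.internal,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) as integers, or None if not x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text):
    """Classify one version string against the fixed releases.

    'patched'  : at or above the fixed release of its branch
    'outdated' : same branch, below the fixed release
    'review'   : unparseable, or a branch the article names no fix for
    """
    v = parse_version(version_text)
    if v is None or v[:2] not in FIXED:
        return "review"
    # Integer tuples compare numerically, so 10.0.9 sorts below 10.0.18
    # (a plain string comparison would get this wrong).
    return "patched" if v >= FIXED[v[:2]] else "outdated"

def triage(inventory_csv):
    """Map each 'host,version' line to its classification."""
    result = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = classify(version)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```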
