
Exploitation of the Zimbra LFI can disclose critical internal information and serve as a foothold for broader attacks, making rapid remediation essential for both federal and private networks.
The Zimbra Collaboration Suite, widely deployed for enterprise email, has been exposed to a critical local file inclusion (LFI) flaw identified as CVE‑2025‑68645. The defect resides in the RestFilter servlet, which mishandles user‑supplied parameters, enabling attackers to craft requests that pull arbitrary files from the WebRoot directory without authentication. Successful exploitation can reveal configuration files, internal network paths, and potentially serve as a foothold for deeper intrusion. Although patches for versions 10.1.13 and 10.0.18 were issued in November 2025, active exploitation in the wild suggests many installations remain unpatched.
CISA’s rapid inclusion of CVE‑2025‑68645 in its Known Exploited Vulnerabilities (KEV) catalog underscores the agency’s focus on actively exploited flaws that jeopardize federal networks. The addition aligns with Binding Operational Directive 22‑01, which obliges all federal entities to remediate KEV items within three weeks, a deadline that now also covers three newly listed bugs affecting npm packages, the Vite framework, and Versa Concerto SD‑WAN. By publicizing exploitation trends, CISA pressures both government and private sectors to prioritize patch deployment, elevate vulnerability scanning, and integrate threat‑intel feeds into their security operations centers.
For organizations beyond the federal sphere, the Zimbra case serves as a reminder that legacy webmail appliances often lag in security hygiene. A disciplined patch‑management program should combine automated inventory, timely vendor notifications, and staged testing to avoid service disruption while closing critical gaps. Additionally, deploying web‑application firewalls and monitoring for anomalous request patterns can detect exploitation attempts before data exfiltration occurs. As threat actors continue to chain LFI bugs with credential‑stealing malware, enterprises that embed continuous vulnerability assessment into their risk‑management framework will be better positioned to mitigate emerging attack vectors.
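Two of the defensive steps above, checking inventory against the fixed versions and watching request logs for traversal patterns, can be scripted. The following is an added example written for this page, not code from the article, from Zimbra, or from CISA. It assumes Apache-style combined-format access logs, encodes only the two fixed versions the article names (10.1.13 and 10.0.18), and uses constructed log lines with placeholder paths; it does not reproduce the actual request shape used against the RestFilter servlet, only the generic path-traversal signature a defender would alert on.

```python
import re
from urllib.parse import unquote

# First patched patch-level per release branch, as stated in the article.
# Key: (major, minor); value: first fixed patch number on that branch.
FIXED_VERSIONS = {
    (10, 1): 13,
    (10, 0): 18,
}


def parse_version(version):
    """Parse a dotted version string such as '10.1.12' into (major, minor, patch)."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version):
    """True if the version is at or above the fix for its branch, False if below,
    None for branches the article gives no fixed version for (do not assume safe)."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return patch >= fixed


# Combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A '..' segment bounded by path or query delimiters; 'a..b' inside a filename does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?=[/?&]|$)')


def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e) becomes visible.
    Stops early once another round changes nothing."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path):
    """True if the decoded request path or query contains a '..' traversal segment."""
    decoded = fully_decode(path).replace("\\", "/")
    return TRAVERSAL_RE.search(decoded) is not None


def flag_traversal_requests(lines):
    """Return one record per log line whose request target carries a traversal segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these separately
        if has_traversal(m.group("path")):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "path": m.group("path"),
                "decoded": fully_decode(m.group("path")),
                "status": m.group("status"),
            })
    return hits


# Constructed sample log lines (not real traffic). Paths are placeholders, not Zimbra endpoints.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Jan/2026:10:01:02 +0000] "GET /webmail/ HTTP/1.1" 200 8192',
    '203.0.113.10 - - [12/Jan/2026:10:01:04 +0000] "GET /webmail/img/a..b.png HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jan/2026:10:02:11 +0000] "GET /webroot-path/../../PLACEHOLDER_FILE HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Jan/2026:10:02:13 +0000] "GET /webroot-path/%2e%2e/%2e%2e/PLACEHOLDER_FILE HTTP/1.1" 200 2048',
    '198.51.100.8 - - [12/Jan/2026:10:03:40 +0000] "GET /webroot-path/x?name=%252e%252e%252fPLACEHOLDER_FILE HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for v in ("10.1.12", "10.1.13", "10.0.18", "9.0.0"):
        print(f"{v}: patched={is_patched(v)}")
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['path']} -> {hit['decoded']}")
```

The version check deliberately returns `None` rather than `True` for branches the article does not cover, so an inventory script cannot silently mark an unknown build as safe. The log check decodes before matching, since single- and double-encoded dot segments are the usual way traversal slips past a naive string filter; a 404 still counts as an attempt worth correlating by source address.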