A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Zimbra Collaboration versions prior to 10.0.18 and 10.1.13 are vulnerable to Local File Inclusion (LFI) in the Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can exploit this vulnerability by crafting requests to the /h/rest endpoint, which can lead to the inclusion of arbitrary files from the WebRoot directory.

ID	Name	Product	Family	Severity
297134	Zimbra Collaboration Server 10.0.x < 10.0.18, 10.1.x < 10.1.13 Local File Inclusion	Nessus	CGI abuses	high
115122	Zimbra Collaboration 10.0.x < 10.0.18 / 10.1.x < 10.1.13 Local File Inclusion	Web App Scanning	Component Vulnerability	high

Detections

Analytics

CVE-2025-68645

high

Tenable Plugins

high

high