Outbreak Alert Zimbra Collaboration Local File Inclusion Released: Jan 30, 2026 Download PDF » Zimbra Collaboration LFI Vulnerability Tags High Severity Zimbra Vendor Subscribe Active exploitation in the wild A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise. Learn More » Common Vulnerabilities and Exposures Background Successful exploitation may allow threat actors to: • Leak sensitive files from the system WebRoot directory • Gain reconnaissance and foothold inside the targeted environment. • Potentially leverage exposed information for further exploitation or escalation. • A public proof-of-concept exploit is available, and active exploitation has been observed. Latest Development Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered. Apply vendor patches immediately for all affected ZCS versions (Zimbra Collaboration (ZCS) 10.0 -10.0.17- Zimbra Collaboration (ZCS) 10.1.0 - 10.1.12), and Fixed versions are 10.0.18 and 10.1.13. January 28, 2026: FortiGuard released a Threat Signal Report. https://www.fortiguard.com/threat-signal-report/6324/zimbra-collaboration-local-file-inclusion January 23, 2026: CISA has confirmed active exploitation by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. November 06, 2025: Zimbra Patch Release. https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes FortiGuard Cybersecurity Framework Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services. IPS IOC Outbreak Detection Automated Response Assisted Response Services NOC/SOC Training End-User Training Attack Surface Hardening FortiADC FortiGate FortiNDR FortiProxy FortiSASE FortiAnalyzer FortiCloud SOCaaS FortiSIEM FortiSOAR FortiAnalyzer FortiXDR Incident Response NSE Training Response Readiness Security Awareness & Training Security Rating Threat Intelligence Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities. References Sources of information in support and relation to this Outbreak and vendor. Zimbra Security Learn More » About FortiGuard Outbreak Alerts Learn More »