Zimbra Collaboration
cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*
- <= 10.0
- ~10.1
This vulnerability is being actively exploited in the wild.
A Local File Inclusion (LFI) vulnerability has been identified in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. It stems from improper handling of user-supplied request parameters in the RestFilter servlet, which lets an unauthenticated remote attacker craft requests that influence internal request dispatching and thereby include arbitrary files from the WebRoot directory.
Exploitation of this vulnerability allows for unauthorized access to sensitive files within the WebRoot directory, potentially leading to further attacks or information disclosure.
To reproduce this vulnerability, send a crafted request to the '/h/rest' endpoint handled by the RestFilter servlet. The request must include the specific parameters whose improper handling allows arbitrary files from the WebRoot directory to be included.
Users can upgrade to ZCS versions 10.1.13 or 10.0.18, both released on November 6, 2025, which include patches for this vulnerability.
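As an added example (not part of this record or of Zimbra's own tooling), a small Python check that maps a deployed ZCS version string onto the fixed releases named above, so an operator can tell at a glance whether a host still needs the update; the version strings used are constructed for illustration.

```python
from typing import Optional, Tuple

# Fixed releases from the advisory: 10.0.18 for the 10.0 branch, 10.1.13 for 10.1.
FIXED_BY_BRANCH = {
    (10, 0): (10, 0, 18),
    (10, 1): (10, 1, 13),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor[.patch]' into an int tuple; reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is still vulnerable, False if it carries the fix,
    None if the version sits in a branch this advisory does not name (e.g. 10.2)."""
    v = parse_version(version)
    # Pad short forms such as '10.1' to three components ('10.1' -> 10.1.0).
    padded = v + (0,) * max(0, 3 - len(v))
    branch = padded[:2]
    # The record lists '<= 10.0' as affected, so anything older than the 10.0
    # branch is treated as affected as well (assumption: reading of that range).
    if branch < (10, 0):
        return True
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        return None
    return padded < fixed


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("mail-a", "10.0.17"), ("mail-b", "10.1.13"), ("mail-c", "10.2.0")]:
        state = {True: "AFFECTED", False: "patched", None: "not covered"}[is_affected(ver)]
        print(f"{host}: ZCS {ver} -> {state}")
```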