CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Organizations Warned of Exploited Zimbra Collaboration Vulnerability

CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild. The post Organizations Warned of Exploited Zimbra Collaboration Vulnerability appeared first on SecurityWeek.

CISA KEV

The US cybersecurity agency CISA on Thursday urged federal agencies to patch their Zimbra Collaboration Suite instances against a security defect actively exploited in the wild.

Tracked as CVE-2025-68645, the exploited Zimbra vulnerability is described as a local file inclusion (LFI) issue affecting the appliance’s webmail UI.

The bug exists because the RestFilter servlet fails to properly handle user-supplied request parameters, allowing attackers to send crafted requests.

By influencing internal request routing, attackers can include arbitrary files from the WebRoot directory without authentication.

Successful exploitation of the flaw could lead to the disclosure of sensitive information and internal paths, reconnaissance, and further compromise, if chained with other security weaknesses.

Patches for the flaw were released on November 6, 2025, in Zimbra Collaboration Suite versions 10.1.13 and 10.0.18.

On Thursday, CISA added CVE-2025-68645 to its Known Exploited Vulnerabilities (KEV) catalog, without providing details on the observed attacks.

According to CrowdSec, however, threat actors have been abusing the vulnerability in highly targeted attacks, as part of sophisticated, intelligence-driven campaigns.

Exploitation of the security defect has been surging, suggesting widespread interest from threat actors, CrowdSec notes.

In addition to the Zimbra weakness, CISA expanded the KEV list with three other bugs, urging federal agencies to address them within three weeks, as the Binding Operational Directive (BOD) 22-01 mandates.

The issues newly flagged as exploited include CVE-2025-54313, which refers to malicious code included in the eslint-config-prettier package as part of a supply chain attack in July 2025, CVE-2025-31125, an improper access control vulnerability in the Vite frontend development framework, and CVE-2025-34026, an authentication bypass in the Versa Concerto SD-WAN orchestration platform.

While BOD 22-01 applies only to federal agencies, all organizations are advised to review CISA’s KEV catalog and address the security defects it identifies.

Related: Fresh SmarterMail Flaw Exploited for Admin Access

Related: CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

Related: Critical HPE OneView Vulnerability Exploited in Attacks

Related: Fresh MongoDB Vulnerability Exploited in Attacks

Latest News

CYBERNEWSMEDIAPublisher