
CISA Warns Federal Agencies of Actively Exploited Zimbra Email Vulnerability

CISA urges agencies to patch critical Zimbra flaw CVE-2025-68645, exploited by attackers, to prevent unauthorized access and data exposure.
Content Team

CISA added a critical Zimbra Collaboration Suite vulnerability to its Known Exploited Vulnerabilities catalog Thursday, urging federal agencies to patch immediately. The flaw (CVE-2025-68645) allows attackers to access sensitive files without authentication by exploiting the webmail interface's RestFilter servlet.

Threat actors are already using this vulnerability in sophisticated, targeted campaigns, according to CrowdSec researchers. The bug can expose internal system information and enable further attacks when combined with other weaknesses.

Zimbra released patches in November 2025 for versions 10.1.13 and 10.0.18. Federal agencies have three weeks to fix this and three other newly identified exploited vulnerabilities under government security directives.

Source: Security Week
