Share
## https://sploitus.com/exploit?id=DB5E7402-168E-5C80-9140-6489A3467769
# CVE-2025-68645 - Zimbra Path Traversal Vulnerability
[]()
[]()
[]()
[]()
[]()
## ๐ Overview
**CVE-2025-68645** is a path traversal vulnerability in **Zimbra Collaboration Suite** that allows unauthenticated attackers to read arbitrary files from the server's filesystem.
### Vulnerable Endpoint
/h/printconversations?javax.servlet.include.servlet_path=
## ๐ฏ Impact
| Impact | Severity |
|--------|----------|
| Unauthenticated file read | ๐ด High |
| Configuration disclosure | ๐ด High |
| Credential leakage | ๐ด High |
| Internal network mapping | ๐ Medium |
## ๐ Readable Files
| Path | Information Exposed |
|------|---------------------|
| `/WEB-INF/web.xml` | Servlet mappings, security constraints |
| `/WEB-INF/zcs.web.xml` | Zimbra-specific configuration |
| `/opt/zimbra/conf/localconfig.xml` | LDAP credentials, database passwords |
| `/opt/zimbra/conf/ldap-config.xml` | LDAP server configuration |
| `/opt/zimbra/conf/attrs/zimbra-attrs.xml` | System attributes |
| `/WEB-INF/classes/logging.properties` | Logging configuration |