https://nvd.nist.gov/vuln/detail/CVE-2025-68645
It's exposing some internal server names and IP addresses, admin port numbers and a few other bits and pieces. Easy enough to run against your own server to see what it exposes:
https://yourservername/h/rest?javax.ser ... NF/web.xml
We're getting hit with this one : CVE-2025-68645
Re: We're getting hit with this one : CVE-2025-68645
Yes, I tried the "exploit" on an old backup that was still on 10.1.10
Still copping loads of attempts. Looks like not long after the CVE landed someone posted an example to Twitter and the attempts started just after that.
Re: We're getting hit with this one : CVE-2025-68645
I'm seeing just a handful of requests on /h/rest, all returning HTTP 500.
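One way to tell the handful of /h/rest requests mentioned above apart from the normal traffic on a mail server is to grep them out of the access log with a short script. The example below is added here and is not code from the thread or from Zimbra; it matches on the two things the thread itself names, the /h/rest endpoint and the web.xml file, after percent-decoding the request target. The log lines are constructed, and the query parameter name `x` is a hypothetical placeholder, because the real parameter is elided in the thread and is deliberately not reproduced.

```python
"""Flag probes against the Zimbra /h/rest endpoint in access-log lines.

Added example, not from the forum thread or from Zimbra. The log lines
below are constructed in common-log format; the attack parameter name is
elided in the thread, so the sample query uses a hypothetical placeholder
parameter called "x".
"""
import re
from urllib.parse import unquote

# Common log format: client, ident, user, timestamp, request line, status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Strings from the thread that identify the probe: the endpoint, and the
# deployment descriptor it was used to read (WEB-INF is the standard
# servlet directory that holds web.xml).
PROBE_PATH = "/h/rest"
PROBE_MARKERS = ("web.xml", "WEB-INF")

# Constructed sample log; "x=" is a placeholder, not the real parameter.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Jan/2026:10:01:02 +0000] "GET /h/rest?x=WEB-INF%2Fweb.xml HTTP/1.1" 500 0
203.0.113.10 - - [05/Jan/2026:10:01:03 +0000] "GET /h/rest?x=WEB-INF/web.xml HTTP/1.1" 500 0
198.51.100.7 - - [05/Jan/2026:10:02:15 +0000] "GET /h/rest?x=WEB-INF%252Fweb.xml HTTP/1.1" 200 4213
192.0.2.5 - - [05/Jan/2026:10:03:00 +0000] "GET /zimbra/ HTTP/1.1" 200 1820
192.0.2.5 - - [05/Jan/2026:10:03:01 +0000] "GET /service/soap HTTP/1.1" 200 512
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_probe(target):
    """True if the request target hits /h/rest with a web.xml/WEB-INF query."""
    # Percent-decode repeatedly so double-encoded attempts are caught too.
    decoded = target
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    path, _, query = decoded.partition("?")
    if not path.startswith(PROBE_PATH):
        return False
    return any(marker.lower() in query.lower() for marker in PROBE_MARKERS)


def find_probes(log_text):
    """Return the parsed records of every probe line in the log text."""
    return [
        rec
        for rec in map(parse_line, log_text.splitlines())
        if rec and is_probe(rec["target"])
    ]


def summarize(hits):
    """Per source IP: total probes, and how many got a 2xx (i.e. were served)."""
    summary = {}
    for h in hits:
        s = summary.setdefault(h["ip"], {"total": 0, "served_2xx": 0})
        s["total"] += 1
        if 200 <= h["status"] < 300:
            s["served_2xx"] += 1
    return summary


if __name__ == "__main__":
    for ip, counts in summarize(find_probes(SAMPLE_LOG)).items():
        print(f"{ip}: {counts['total']} probe(s), {counts['served_2xx']} served with 2xx")
```

Run it over the real access log instead of `SAMPLE_LOG` and look first at any source whose `served_2xx` count is non-zero: a 500 on every attempt matches what the post above reports, while a 2xx with a non-trivial byte count means the request went through and the response is worth pulling to see what was returned.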
Re: We're getting hit with this one : CVE-2025-68645
I can't upgrade at the moment.
Can I just block /h/rest globally on Zimbra, or is it needed for something?
Re: We're getting hit with this one : CVE-2025-68645
rainer_d,
Here's a way to apply the fix without upgrading (the package URL is for Ubuntu 22).
viewtopic.php?p=317458#p317458
Re: We're getting hit with this one : CVE-2025-68645
The problem is that I am on CentOS 7.
I need to cross-grade to Rocky9 first. Then upgrade.
If I could just upgrade, I would.
Re: We're getting hit with this one : CVE-2025-68645
The jar files are OS independent.