vulnerability

Zimbra Collaboration: CVE-2024-54663: Collaboration: Inclusion of Functionality from Untrusted Control Sphere

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Dec 19, 2024	Jan 10, 2025	Feb 6, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Dec 19, 2024

Added

Jan 10, 2025

Modified

Feb 6, 2026

Description

A Local File Inclusion (LFI) vulnerability in the /h/rest endpoint, allowing authorized remote attackers to access sensitive files in the WebRoot using their valid auth tokens, has been fixed to prevent unauthorized file access.

Solution

zimbra-collaboration-upgrade-latest

References

CWE-829
CVE-2024-54663
https://attackerkb.com/topics/CVE-2024-54663
URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.11#Security_Fixes
URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.3#Security_Fixes
URL-https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today