This week’s release introduces new detections for CVE-2025-68645 and CVE-2025-31125. Key Findings
CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the /h/rest endpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory. CVE-2025-31125: Vite, the JavaScript frontend tooling framework, exposes content of non-allowed files via ?inline&import when its development server is network-exposed, enabling unauthorized attackers to read arbitrary files and potentially leak sensitive information.
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionCommentsCloudflare Managed Ruleset695d76ff756844d384cab548833761f7 N/AZimbra - Local File Inclusion - CVE:CVE-2025-68645LogBlockThis is a new detection.Cloudflare Managed Ruleset38fff9f3deba46a2abc10a8f950ed8c8 N/AVite - WASM Import Path Traversal - CVE:CVE-2025-31125LogBlockThis is a new detection.
Fetched April 4, 2026