THREATOPS
THREAT OPSCVEs › CVE-2025-68645

CVE-2025-68645 — Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

CISA KEVExploited: confirmedSynacor

Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Vulnerability details