THREAT OPS › CVEs › CVE-2025-68645
CVE-2025-68645 — Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
Vulnerability details
- Affected products Zimbra Collaboration Suite (ZCS)
- KEV remediation due2026-02-12