CVE-2025-68645 - Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
Project: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2026-01-22
Due Date: 2026-02-12
Vulnerability Name
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
Description
Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://wiki.zimbra.com/wiki/Security_Center
https://nvd.nist.gov/vuln/detail/CVE-2025-68645
Related News Articles
CISA confirms active exploitation of four enterprise software bugs - January 24, 2026
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities - January 23, 2026