CVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability. Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
- CISA KEV-listed (remediation due 2026-02-12)
- EPSS 47.6% (97.8% percentile)