CVE-2025-68645

⚠ KEVEPSS 47.6%

Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

Added to CISA KEV: 1/22/2026

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Affected packages (0)

No package mapping in OSV.