CVE-2025-68645 — Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

How to fix CVE-2025-68645

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2025-68645 being exploited?

Yes — CVE-2025-68645 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.