CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 12, 2026

CVE-2025-68645

High

EPSS 31.4%CISA KEV

Synacor/ Zimbra Collaboration Suite (ZCS)

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

EPSS — Exploit Probability

31.4%

Higher than 96.7% of all CVEs

Required Action

https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-68645

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 31.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jan 22, 2026

Added to KEV

Jan 22, 2026

Remediation Due

Feb 12, 2026

Affected Product

Synacor

Zimbra Collaboration Suite (ZCS)

View all Synacor CVEs

External Links

NVD (NIST)CVE Details MITRE CVE