Known exploited
Synacor
CVE published 2026-01-22
CVE-2025-68645
CVE-2025-68645 is a Synacor Zimbra Collaboration Suite (ZCS) PHP remote file inclusion vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-01-22. Because it is listed in KEV, defenders should treat it as actively exploited or at least exploitation-confirmed enough to require prompt remediation. CISA’s stated due date for action is 2026-02-12.