What is it?
Zimbra Collaboration Suite (ZCS) includes a web mail client written in PHP.
A vulnerability exists in the way that files are loaded remotely.
Why is it a risk?
An attacker can read files on your server or inject PHP logic into mail processing.
The Red Hot Cyber link below provides more details.
This is considered a HIGH severity vulnerability.
How can you mitigate the risk?
Upgrade your Zimbra installation to (at least) version ZCS 10.1.13 (Daffodil).
The Zimbra Security Center, linked below, links in turn to the Patch Installation (the link is near the bottom of the page).
Resources:
Red Hot Cyber: CVE-2025-68645
https://www.redhotcyber.com/en/cve-details/?cve_id=CVE-2025-68645
Zimbra Security Center
https://wiki.zimbra.com/wiki/Security_Center

