CVE-2022-27925
Basic Information
- CVE State: PUBLISHED
- Reserved Date: March 25, 2022
- Published Date: April 20, 2022
- Last Updated: January 29, 2025
- Vendor: n/a
- Product: n/a
- Description: Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation: active
- Technical Impact: total
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2022-08-11 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb | 2025-04-29 11:01:16 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
Inplex-sys/CVE-2022-27925
Type: github • Created: 2022-10-01 10:33:55 UTC • Stars: 16
touchmycrazyredhat/CVE-2022-27925-Revshell
Type: github • Created: 2022-09-17 22:24:32 UTC • Stars: 1
akincibor/CVE-2022-27925
Type: github • Created: 2022-09-12 08:30:30 UTC • Stars: 2
Chocapikk/CVE-2022-27925-Revshell
Type: github • Created: 2022-08-26 20:19:48 UTC • Stars: 4
Josexv1/CVE-2022-27925
Type: github • Created: 2022-08-20 15:58:29 UTC • Stars: 43
mohamedbenchikh/CVE-2022-27925
Type: github • Created: 2022-08-14 22:22:55 UTC • Stars: 56
vnhacker1337/CVE-2022-27925-PoC
Type: github • Created: 2022-08-12 18:35:52 UTC • Stars: 67