CVE-2022-37042
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- August 01, 2022
- Published Date
- August 11, 2022
- Last Updated
- January 29, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-08-11 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb | 2025-04-29 11:01:16 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-37042.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
zimbra_mboximport_cve_2022_27925
Type: metasploit • Created: Unknown
Metasploit module for CVE-2022-37042
0xf4n9x/CVE-2022-37042
Type: github • Created: 2022-10-24 10:10:45 UTC • Stars: 30
CVE-2022-37042 Zimbra Auth Bypass leads to RCE
aels/CVE-2022-37042
Type: github • Created: 2022-08-25 10:43:13 UTC • Stars: 19
Zimbra CVE-2022-37042 Nuclei weaponized template
GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925
Type: github • Created: 2022-08-18 18:39:39 UTC • Stars: 7