Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-37042
PUBLISHED
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing...
- Vendor: Zimbra
- Product: Collaboration Suite
- Published: Aug 11, 2022
- EPSS: 94.3% · 100% pctl
Description
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Aug 11, 2022 |
| The Shadowserver (via CIRCL) | Jun 01, 2026 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-37042.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2022-10-24 10:10:45 UTC · 30 stars
CVE-2022-37042 Zimbra Auth Bypass leads to RCE
github · Created 2022-08-25 10:43:13 UTC · 19 stars
Zimbra CVE-2022-37042 Nuclei weaponized template
github · Created 2022-08-18 18:39:39 UTC · 7 stars
Timeline
- CVE ID Reserved
- Exploit Used in Malware
- Added to KEVIntel
- CVE Published to Public
- Detected by Nuclei
- Detected by Metasploit
- Added to KEVIntel