Vulnerability Description
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synacor | Zimbra Collaboration Suite | 8.8.15 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.htmlExploitThird Party AdvisoryVDB Entry
- https://wiki.zimbra.com/wiki/Security_CenterVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24Release NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.htmlExploitThird Party AdvisoryVDB Entry
- https://wiki.zimbra.com/wiki/Security_CenterVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24Release NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource
FAQ
What is CVE-2022-27925?
CVE-2022-27925 is a vulnerability with a CVSS score of 7.2 (HIGH). Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to up...
How severe is CVE-2022-27925?
CVE-2022-27925 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27925?
Check the references section above for vendor advisories and patch information. Affected products include: Synacor Zimbra Collaboration Suite.