CVE-2022-27925β€”Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

PUBLISHEDvulnerability record
2022-08-11 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2022-27925
Project:
Synacor
Product:
Zimbra Collaboration Suite (ZCS)
Date Added:
2022-08-11
Due Date:
2022-09-01
Last Updated:
June 21, 2025

Vulnerability Name

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Description

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses