CVE-2022-27925 - Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Project:Synacor

Product:Zimbra Collaboration Suite (ZCS)

Date Added:2022-08-11Due Date:2022-09-01Last Updated:June 21, 2025

Vulnerability Name

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Description

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

https://nvd.nist.gov/vuln/detail/CVE-2022-27925

Related News Articles

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark CyberattacksJune 26, 2026

Related Weaknesses