CVE-2022-27925 - Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

项目:Synacor

产品:Zimbra Collaboration Suite (ZCS)

添加日期:2022-08-11到期日:2022-09-01最后更新:June 21, 2025

漏洞名称

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

描述

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

已知用于勒索软件活动吗?

Known

采集行动

Apply updates per vendor instructions.

其他说明

https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

https://nvd.nist.gov/vuln/detail/CVE-2022-27925

相关新闻文章

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark CyberattacksJune 26, 2026

相关 CWE