CVE-2022-27925

CVSS 7.2 (High) · EPSS 98.2% · Listed in CISA KEV · CWE-22
In short

Zimbra Collaboration allows administrators to upload files through a backup import function that doesn't properly check file paths, enabling them to place files anywhere on the system instead of just the intended directory.

Technical detail

The mboximport functionality in Zimbra 8.8.15 and 9.0 fails to validate file paths during ZIP extraction, allowing authenticated administrators to exploit directory traversal (CWE-22) and write arbitrary files to unauthorized locations on the server.

Summary generated and translated by AI from the official description.
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
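The defensive check the description implies, shown as an added example that is not Zimbra's code: an extractor that validates every ZIP entry name before writing, rejecting absolute paths, drive letters, and any `..` component, and then confirms the resolved target still sits under the destination directory. The archive contents and the function names (`build_sample_zip`, `is_safe_entry`, `safe_extract`, `demo`) are constructed for this example.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath, PureWindowsPath


def build_sample_zip() -> bytes:
    """Constructed sample archive (not from any real product): one legitimate
    mailbox entry plus two entries that try to escape the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mailbox/inbox.eml", "Subject: hello\n\nbody\n")
        zf.writestr("../../etc/evil.txt", "traversal\n")   # relative escape
        zf.writestr("/tmp/abs.txt", "absolute\n")          # absolute path
    return buf.getvalue()


def is_safe_entry(name: str, dest: Path) -> bool:
    """True only if the entry name stays inside dest after normalisation."""
    # Reject absolute paths, drive letters and any '..' component up front,
    # checking both POSIX and Windows interpretations of the stored name.
    for pure in (PurePosixPath(name), PureWindowsPath(name)):
        if pure.is_absolute() or pure.drive or ".." in pure.parts:
            return False
    # Second line of defence: the resolved target must be dest or below it.
    target = (dest / name).resolve()
    return target == dest or dest in target.parents


def safe_extract(zip_bytes: bytes, dest_dir: str) -> dict:
    """Extract only entries that resolve under dest_dir; report the rest."""
    dest = Path(dest_dir).resolve()
    result = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not is_safe_entry(name, dest):
                result["rejected"].append(name)
                continue
            target = dest / name
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            result["extracted"].append(name)
    return result


def demo() -> dict:
    """Run the hardened extraction on the constructed archive in a scratch dir."""
    with tempfile.TemporaryDirectory() as d:
        result = safe_extract(build_sample_zip(), d)
        # Record the first line of the one legitimate file for the caller.
        inbox = Path(d) / "mailbox" / "inbox.eml"
        result["inbox_subject"] = inbox.read_text().splitlines()[0]
    return result


if __name__ == "__main__":
    print(demo())
```

Rejected entries are reported rather than silently skipped so that an import job can fail loudly and be logged; a backup archive that contains traversal entries is itself a signal worth alerting on.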
Affected products
n/a · n/a