← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-27925 — Actively Exploited: Zimbra Collaboration Suite (ZCS) (Synacor)

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

CVE IDCVE-2022-27925
VendorSynacor
ProductZimbra Collaboration Suite (ZCS)
Vulnerability nameSynacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Date added2022-08-11
Remediation due2022-09-01
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionSynacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →