CVE-2022-27925
- Source
- https://cve.org/CVERecord?id=CVE-2022-27925
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27925.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-27925
- Published
- 2022-04-21T00:15:08.407Z
- Modified
- 2025-12-08T19:07:47.515431Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27925
- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Affected packages
Git
github.com/zimbra/zm-build
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zimbra/zm-build
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
github.com/zimbra/zm-mailbox
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zimbra/zm-mailbox
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
8.*
8.7.10
8.7.11
8.7.6
8.7.7
8.7.9
8.8.0.beta1
8.8.10
8.8.11
8.8.12
8.8.15
8.8.15.p1
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.8.7
8.8.8
8.8.9
9.*
9.0.0
9.0.0.p1
9.0.0.p10
9.0.0.p11
9.0.0.p13
9.0.0.p14
9.0.0.p16
9.0.0.p18
9.0.0.p19
9.0.0.p2
9.0.0.p20
9.0.0.p22
9.0.0.p23
9.0.0.p3
9.0.0.p4
9.0.0.p5
9.0.0.p6
9.0.0.p7
9.0.0.p8
9.0.0.p9
github.com/zimbra/zm-zcs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zimbra/zm-zcs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affected
github.com/zimbra/zm-zcs-lib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zimbra/zm-zcs-lib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected