QwikSec

Security Database

CVE

CWE

Training

CVE-2022-27925

Published: Apr 20, 2022

Modified: Oct 21, 2025

PUBLISHED

Description

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

x_refsource_MISC

https://wiki.zimbra.com/wiki/Security_Center

x_refsource_MISC

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24

x_refsource_MISC

http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.