CVE-2022-27925

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

Published: Apr 21, 2022
Updated: Nov 4, 2025
CVE: CVE-2022-27925
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
synacor / zimbra_collaboration_suite	8.8.15	8.8.15.x
synacor / zimbra_collaboration_suite	9.0.0	9.0.0.x
synacor / zimbra_collaboration_suite	9.0.0-p1	9.0.0-p1.x
synacor / zimbra_collaboration_suite	9.0.0-p2	9.0.0-p2.x
synacor / zimbra_collaboration_suite	9.0.0-p10	9.0.0-p10.x
synacor / zimbra_collaboration_suite	9.0.0-p11	9.0.0-p11.x
synacor / zimbra_collaboration_suite	9.0.0-p12	9.0.0-p12.x
synacor / zimbra_collaboration_suite	9.0.0-p13	9.0.0-p13.x
synacor / zimbra_collaboration_suite	9.0.0-p14	9.0.0-p14.x
synacor / zimbra_collaboration_suite	9.0.0-p15	9.0.0-p15.x
synacor / zimbra_collaboration_suite	9.0.0-p16	9.0.0-p16.x
synacor / zimbra_collaboration_suite	9.0.0-p17	9.0.0-p17.x
synacor / zimbra_collaboration_suite	9.0.0-p18	9.0.0-p18.x
synacor / zimbra_collaboration_suite	9.0.0-p19	9.0.0-p19.x
synacor / zimbra_collaboration_suite	9.0.0-p20	9.0.0-p20.x
synacor / zimbra_collaboration_suite	9.0.0-p21	9.0.0-p21.x
synacor / zimbra_collaboration_suite	9.0.0-p22	9.0.0-p22.x
synacor / zimbra_collaboration_suite	9.0.0-p23	9.0.0-p23.x
synacor / zimbra_collaboration_suite	9.0.0-p3	9.0.0-p3.x
synacor / zimbra_collaboration_suite	9.0.0-p4	9.0.0-p4.x
synacor / zimbra_collaboration_suite	9.0.0-p5	9.0.0-p5.x
synacor / zimbra_collaboration_suite	9.0.0-p6	9.0.0-p6.x
synacor / zimbra_collaboration_suite	9.0.0-p7	9.0.0-p7.x
synacor / zimbra_collaboration_suite	9.0.0-p8	9.0.0-p8.x
synacor / zimbra_collaboration_suite	9.0.0-p9	9.0.0-p9.x
synacor / zimbra_collaboration_suite	8.8.15-p1	8.8.15-p1.x
synacor / zimbra_collaboration_suite	8.8.15-p10	8.8.15-p10.x
synacor / zimbra_collaboration_suite	8.8.15-p11	8.8.15-p11.x
synacor / zimbra_collaboration_suite	8.8.15-p12	8.8.15-p12.x
synacor / zimbra_collaboration_suite	8.8.15-p13	8.8.15-p13.x
synacor / zimbra_collaboration_suite	8.8.15-p14	8.8.15-p14.x
synacor / zimbra_collaboration_suite	8.8.15-p15	8.8.15-p15.x
synacor / zimbra_collaboration_suite	8.8.15-p16	8.8.15-p16.x
synacor / zimbra_collaboration_suite	8.8.15-p17	8.8.15-p17.x
synacor / zimbra_collaboration_suite	8.8.15-p18	8.8.15-p18.x
synacor / zimbra_collaboration_suite	8.8.15-p19	8.8.15-p19.x
synacor / zimbra_collaboration_suite	8.8.15-p2	8.8.15-p2.x
synacor / zimbra_collaboration_suite	8.8.15-p20	8.8.15-p20.x
synacor / zimbra_collaboration_suite	8.8.15-p21	8.8.15-p21.x
synacor / zimbra_collaboration_suite	8.8.15-p22	8.8.15-p22.x
synacor / zimbra_collaboration_suite	8.8.15-p23	8.8.15-p23.x
synacor / zimbra_collaboration_suite	8.8.15-p24	8.8.15-p24.x
synacor / zimbra_collaboration_suite	8.8.15-p25	8.8.15-p25.x
synacor / zimbra_collaboration_suite	8.8.15-p26	8.8.15-p26.x
synacor / zimbra_collaboration_suite	8.8.15-p27	8.8.15-p27.x
synacor / zimbra_collaboration_suite	8.8.15-p28	8.8.15-p28.x
synacor / zimbra_collaboration_suite	8.8.15-p29	8.8.15-p29.x
synacor / zimbra_collaboration_suite	8.8.15-p3	8.8.15-p3.x
synacor / zimbra_collaboration_suite	8.8.15-p30	8.8.15-p30.x
synacor / zimbra_collaboration_suite	8.8.15-p4	8.8.15-p4.x
synacor / zimbra_collaboration_suite	8.8.15-p5	8.8.15-p5.x
synacor / zimbra_collaboration_suite	8.8.15-p6	8.8.15-p6.x
synacor / zimbra_collaboration_suite	8.8.15-p7	8.8.15-p7.x
synacor / zimbra_collaboration_suite	8.8.15-p8	8.8.15-p8.x
synacor / zimbra_collaboration_suite	8.8.15-p9	8.8.15-p9.x

Vulnerability Database

309,237

CVE-2022-27925

Deep Security Visibility Without the Complexity