Security Advisory

CVE-2022-27925

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-20 23:23:25

Last updated 2025-10-21 23:15:41

Assigner mitre

State PUBLISHED

Description

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

← Browse all CVEs View on cve.org ↗