Unrated severityCISA KEVNVD Advisory· Published Aug 11, 2022· Updated Oct 21, 2025
CVE-2022-37042
CVE-2022-37042
Description
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 8.8.15, 9.0
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.htmlmitrex_refsource_MISC
- wiki.zimbra.com/wiki/Security_Centermitrex_refsource_MISC
- wiki.zimbra.com/wiki/Zimbra_Security_Advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.