
Zimbra ZCS - Remote Code Execution (CVE-2022-27925, CVE-2022-37042)

CVSSv3 Score
Exploitable with Sniper
Vulnerability description

Zimbra is affected by an Authentication Bypass vulnerability and an Arbitrary File Upload vulnerability that can lead to a Directory Traversal attack, in which an attacker uploads a ZIP archive that contains a webshell file. The root cause of these vulnerabilities is in the mboximport functionality. Although this was initially marked as an authenticated vulnerability, where an administrative session is required to upload the ZIP file, an authentication bypass was found later that turned the overall vulnerability into an unauthenticated remote code execution. Versions affected are 8.8.15 and 9.0.
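The traversal described above depends on ZIP entry names that resolve outside the directory the archive is meant to be unpacked into. The following check is an added example, not code from Pentest-Tools.com or Zimbra: it audits an archive's entry names before anything is written to disk. `audit_zip_entries`, `build_sample_zip` and the staging path are hypothetical names, and the sample archive is constructed.

```python
import io
import posixpath
import zipfile


def audit_zip_entries(data: bytes, dest_root: str = "/opt/import-staging"):
    """Return (safe, escaping) entry-name lists for a ZIP held in memory.

    dest_root is a hypothetical staging directory, not a Zimbra path.
    """
    safe, escaping = [], []
    root = posixpath.normpath(dest_root)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # ZIP names use '/', but treat '\' as a separator too so
            # Windows-style traversal is not missed.
            name = info.filename.replace("\\", "/")
            target = posixpath.normpath(posixpath.join(root, name))
            inside = target == root or target.startswith(root + "/")
            # Reject absolute names and names that resolve outside root.
            if name.startswith("/") or not inside:
                escaping.append(info.filename)
            else:
                safe.append(info.filename)
    return safe, escaping


def build_sample_zip() -> bytes:
    """Constructed sample: one normal entry, two that climb out of the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mailbox/meta.txt", "placeholder")
        zf.writestr("../../webapps/placeholder.txt", "placeholder")
        zf.writestr("mailbox/../../outside.txt", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    ok, rejected = audit_zip_entries(build_sample_zip())
    print("safe:", ok)
    print("rejected:", rejected)
```

An archive with any rejected entry should be refused as a whole rather than partially extracted.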

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the Zimbra server to steal confidential information, install ransomware, or pivot to the internal network.


Recommendation

Upgrade the Zimbra server to the latest version.

Detectable with
Network Scanner
Vuln date
Apr 2022
Published at
Updated at
Software Type
Email server
Zimbra Collaboration Software
Not available