
CVE-2022-27925

Published: 21/04/2022 Updated: 08/08/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 694
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
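A defensive check for the class of bug described in this summary, as an added example that is not Zimbra's code or its patch: it resolves each ZIP entry name against the intended destination and refuses the whole archive if any entry would land outside it. The function names, the `/srv/import` destination and the sample entry names are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

def escapes_root(dest: str, entry_name: str) -> bool:
    """True if extracting entry_name under the absolute path dest would land outside dest."""
    name = entry_name.replace("\\", "/")  # some extractors treat "\" as a separator
    base = posixpath.normpath(dest)
    # join() discards base when name is absolute; normpath() collapses ".." segments
    target = posixpath.normpath(posixpath.join(base, name))
    return target != base and not target.startswith(base + "/")

def audit_archive(data: bytes, dest: str) -> list[str]:
    """Return the entry names an extractor must refuse for this destination."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if escapes_root(dest, i.filename)]

def extract_checked(data: bytes, dest: str) -> list[str]:
    """Extract only if every entry stays under dest; otherwise write nothing."""
    bad = audit_archive(data, dest)
    if bad:
        raise ValueError(f"archive rejected, entries escape {dest}: {bad}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return zf.namelist()

def build_sample(names: list[str]) -> bytes:
    """Build a constructed test archive; entry contents are placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "constructed sample\n")
    return buf.getvalue()

# Constructed entry names: one benign, three that resolve outside the destination.
SAMPLE_NAMES = [
    "mail/inbox/1.eml",
    "../../outside/dropped.txt",
    "/tmp/abs.txt",
    "..\\..\\outside\\win.txt",
]

if __name__ == "__main__":
    print(audit_archive(build_sample(SAMPLE_NAMES), "/srv/import"))
```

Rejecting the whole archive, rather than skipping the offending entries, also leaves a clear event to log and alert on.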

Vulnerable Product

zimbra collaboration 9.0.0

zimbra collaboration 8.8.15

Exploits

This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path traversal issue in Zimbra Collaboration Suite's ZIP implementation that can result in t ...

Metasploit Modules

Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)

This module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path-traversal issue in Zimbra Collaboration Suite's ZIP implementation that can result in the extraction of an arbitrary file to an arbitrary location on the host. This issue is exploitable on the following versions of Zimbra:

* Zimbra Collaboration Suite Network Edition 9.0.0 Patch 23 (and earlier)
* Zimbra Collaboration Suite Network Edition 8.8.15 Patch 30 (and earlier)

Note that the Open Source Edition is not affected.

msf > use exploit/linux/http/zimbra_mboximport_cve_2022_27925
msf exploit(zimbra_mboximport_cve_2022_27925) > show targets
    ...targets...
msf exploit(zimbra_mboximport_cve_2022_27925) > set TARGET < target-id >
msf exploit(zimbra_mboximport_cve_2022_27925) > show options
    ...show and set options...
msf exploit(zimbra_mboximport_cve_2022_27925) > exploit

Github Repositories

CVE-2022-27925 Setup: git clone github.com/miko550/CVE-2022-27925.git, cd CVE-2022-27925. Usage: CVE-2022-2925.py [-h] [-t TARGET] [-l LIST] options: -h, --help show this help message and exit; -t TARGET, --target TARGET The URL of the target, e.g.: 127.0.0.1; -l LIST, --list LIST List of target url saper

Zimbra RCE simple poc

CVE-2022-27925-PoC Zimbra RCE simple poc

Zimbra Unauthenticated Remote Code Execution Exploit (CVE-2022-27925)


CVE-2022-27925 nuclei template

CVE-2022-27925 CVE-2022-27925 nuclei template


CVE-2022-37042 Zimbra Auth Bypass leads to RCE

CVE-2022-37042 Usage: View vulnerability information. go run main.go -s

Python Script to exploit Zimbra Auth Bypass + RCE (CVE-2022-27925)

Zimbra Unauthenticated Remote Code Execution Exploit (CVE-2022-27925) usage: exp.py [-h] [-t TARGET] [-m MASS] [-l LHOST] [-p LPORT] optio

A loader for zimbra 2022 rce (cve-2022-27925)

CVE-2022-27925 (Zimbra RCE 2022). This repo is part of the hgrab-framework. dork title: "<title>Zimbra Web Client Sign In</title>". Affected product: Zimbra Collaboration Suite Network Edition 9.0.0 Patch 23 (and earlier), Zimbra Collaboration Suite Network Edition 8.8.15 Patch 30 (and earlier). Installation: Install the app on the server user@d


Zimbra CVE-2022-27925 PoC

CVE-2022-27925 Description: On May 10, 2022, Zimbra released versions 9.0.0 patch 24 and 8.8.15 patch 31 to address multiple vulnerabilities in Zimbra Collaboration Suite, including CVE-2022-27924 (which we wrote about previously) and CVE-2022-27925. Originally, Zimbra called CVE-2022-27925 an authenticated path-traversal attack, where an administrative user could write files in


CVE-2022-27925

Active Exploitation of Zimbra CVE-2022-37042 (Unauthenticated RCE). The following research began as an attempt to understand the PoCs that many researchers shared in various GitHub repositories and ended in an interesting surprise, which I will share in the following paragraphs. On August 10 of this year, the research group

Recent Articles

If you haven't patched Zimbra holes by now, assume you're toast
The Register • Jessica Lyons Hardcastle • 01 Jan 1970


Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam. In a security alert updated on Monday, the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbr...