Cyber Resilience

CVE-2022-37042

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 12 August 2022

Modified: 04 November 2025
KEV Added: 11 August 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9433 (100.0th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-37042 is a critical-severity Path Traversal (CWE-22) vulnerability in Synacor Zimbra Collaboration Suite. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0 contain a path traversal vulnerability in the mboximport functionality, which accepts and extracts files from ZIP archives. The flaw stems from an incomplete fix for CVE-2022-27925 and permits unauthenticated access to the import process without requiring an authtoken, as indicated by its CWE-22 classification and critical CVSS 9.8 score.

An attacker with network access can upload crafted ZIP archives that bypass authentication checks, enabling arbitrary file writes on the server. Successful exploitation grants the ability to place malicious content in sensitive directories, resulting in remote code execution on the affected ZCS installation.

Zimbra's security advisories and wiki pages document the issue and direct administrators to available patches and hardening guidance for the affected releases. Public exploit code has been posted to PacketStorm, and the vulnerability carries an EPSS score that reached a peak of 0.9755 with a current value of 0.9433.

Vulnerability details

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

CWE(s)
KEV Date Added: 11 August 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

synacor zimbra collaboration suite: 8.8.15, 9.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication and authorization checks on the mboximport endpoint to block unauthenticated ZIP uploads that enable directory traversal.

prevent

Requires validation of all input (ZIP archives and embedded paths) to reject malformed or traversal sequences before extraction occurs.

prevent

Mandates identification and authentication mechanisms that would have prevented the authtoken bypass used to reach the vulnerable import function.
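
The input-validation control described above (checking a ZIP archive and its embedded paths before any extraction occurs), as an added example. It is not Zimbra's code or its patch: the function names and the sample archive entries are constructed for illustration, and it goes slightly beyond the page by also rejecting symlink entries.

```python
import io
import os
import stat
import tempfile
import zipfile


def unsafe_entries(zf, dest_dir):
    """Return (name, reason) for each entry that must block extraction."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in zf.infolist():
        name = info.filename
        target = os.path.realpath(os.path.join(root, name))
        if name.startswith(("/", "\\")) or name[1:2] == ":":
            bad.append((name, "absolute path"))
        elif ".." in name.replace("\\", "/").split("/"):
            bad.append((name, "parent-directory component"))
        elif stat.S_ISLNK(info.external_attr >> 16):
            bad.append((name, "symbolic link"))
        elif os.path.commonpath([root, target]) != root:
            bad.append((name, "resolves outside destination"))
    return bad


def safe_extract(zip_bytes, dest_dir):  # all-or-nothing: one bad entry blocks it
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = unsafe_entries(zf, dest_dir)
        if bad:
            raise ValueError(f"archive rejected: {bad}")
        zf.extractall(dest_dir)
        return sorted(zf.namelist())


def build_zip(entries):  # constructed sample input, built in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    link = zipfile.ZipInfo("notes/link")
    link.external_attr = (stat.S_IFLNK | 0o777) << 16  # marks entry as a symlink
    bad = build_zip([("mail/ok.eml", b"x"), ("../outside.txt", b"x"), (link, b"/etc")])
    with tempfile.TemporaryDirectory() as dest:
        written = safe_extract(build_zip([("mail/inbox.eml", b"hi")]), dest)
        with zipfile.ZipFile(io.BytesIO(bad)) as zf:
            return written, [reason for _, reason in unsafe_entries(zf, dest)]
```

Rejecting the whole archive on the first unsafe entry, rather than skipping that entry, leaves nothing partially written and gives the import handler a single event to log and alert on.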
