CVE-2022-27925

KEV · Ransomware EPSS 94.31% · P100 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-27925

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Zimbra Collaboration Suite 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Zimbra Collaboration Suite（ZCS）是美国Zimbra的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite 8.8.15 和 9.0 存在路径遍历漏洞，具有管理员权限的经过身份验证的用户能够将任意文件上传到系统，从而导致目录遍历。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-27925

#	POC Description	Source Link	Shenlong Link
1	Zimbra RCE simple poc	https://github.com/vnhacker1337/CVE-2022-27925-PoC	POC Details
2	Zimbra Unauthenticated Remote Code Execution Exploit (CVE-2022-27925)	https://github.com/mohamedbenchikh/CVE-2022-27925	POC Details
3	None	https://github.com/miko550/CVE-2022-27925	POC Details
4	None	https://github.com/navokus/CVE-2022-27925	POC Details
5	Zimbra CVE-2022-27925 PoC	https://github.com/Josexv1/CVE-2022-27925	POC Details
6	Python Script to exploit Zimbra Auth Bypass + RCE (CVE-2022-27925)	https://github.com/Chocapikk/CVE-2022-27925-Revshell	POC Details
7	CVE-2022-27925 nuclei template	https://github.com/akincibor/CVE-2022-27925	POC Details
8	Python Script to exploit Zimbra Auth Bypass + RCE (CVE-2022-27925)	https://github.com/lolminerxmrig/CVE-2022-27925-Revshell	POC Details
9	None	https://github.com/touchmycrazyredhat/CVE-2022-27925-Revshell	POC Details
10	CVE-2022-27925	https://github.com/jam620/Zimbra	POC Details
11	A loader for zimbra 2022 rce (cve-2022-27925)	https://github.com/Inplex-sys/CVE-2022-27925	POC Details
12	None	https://github.com/onlyHerold22/CVE-2022-27925-PoC	POC Details
13	PoC	https://github.com/sanan2004/CVE-2022-27925	POC Details
14	None	https://github.com/mpvx/CVE-2022-27925	POC Details
15	Detects the JSP implementation of the Godzilla Webshell.	https://github.com/projectdiscovery/nuclei-templates/blob/main/file/malware/hash/godzilla-webshell-hash.yaml	POC Details
16	Detects the reGeorg webshells' JSP version.	https://github.com/projectdiscovery/nuclei-templates/blob/main/file/malware/hash/regeorg-webshell-hash.yaml	POC Details
17	None	https://github.com/huahuatzt/CVE-2022-27925	POC Details
18	A loader for zimbra 2022 rce (cve-2022-27925)	https://github.com/SystemVll/CVE-2022-27925	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-27925

请登录查看更多情报信息。

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24x_refsource_MISC
http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.htmlx_refsource_MISC
Zimbra Security Advisories - Zimbra :: Tech Centerx_refsource_MISC
Security Center - Zimbra :: Tech Centerx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-27925

Same Patch Batch · n/a · 2022-04-20 · 22 CVEs total

CVE-2022-29537		GPAC 缓冲区错误漏洞
CVE-2022-27926		Zimbra 安全漏洞
CVE-2022-27924		Zimbra 注入漏洞
CVE-2022-29536		GNOME Epiphany 缓冲区错误漏洞
CVE-2021-43481		webTareas SQL注入漏洞
CVE-2021-37740		MDT KNXnet/IP Secure router和MDT KNX IP interface 安全漏洞
CVE-2022-0567		ovn-kubernetes 安全特征问题漏洞
CVE-2022-25344		Kyocera d-COLOR MF3555 跨站脚本漏洞
CVE-2022-25343		Kyocera d-COLOR MF3555 安全漏洞
CVE-2022-25342		Kyocera d-COLOR MF3555 安全漏洞
CVE-2022-29527		Amazon AWS 安全漏洞
CVE-2022-24675		Google Go 安全漏洞
CVE-2022-29534		MISP 授权问题漏洞
CVE-2022-29533		MISP 跨站脚本漏洞
CVE-2022-29532		MISP 跨站脚本漏洞
CVE-2022-29531		MISP 跨站脚本漏洞
CVE-2022-29530		MISP 跨站脚本漏洞
CVE-2022-29529		MISP 跨站脚本漏洞
CVE-2022-29528		MISP 代码问题漏洞
CVE-2022-28327		Google Go 安全漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-27925

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-27925

I. Basic Information for CVE-2022-27925

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2022-27925

III. Intelligence Information for CVE-2022-27925

Same Patch Batch · n/a · 2022-04-20 · 22 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-27925

Leave a comment