Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution. | Apply updates per vendor instructions.
Synacor Zimbra Collaboration Suite (ZCS)
Exploit
CVE-2022-27925
CISA KEV
Apply patch by 2022-09-01