CVE-2022-41352

CVE Database · CVE-2022-41352

CVE-2022-41352

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

95.48%

Published

Sep 25, 2022

Modified

Nov 3, 2025

CISA Known Exploited Vulnerability

Added: 2022-10-20 · Due: 2022-11-10

Apply updates per vendor instructions.

Public PoC / Exploit (5)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCCr4ckC4t/cve-2022-41352-zimbra-rce★109 GitHub PoCsegfault-it/cve-2022-41352★8 GitHub PoCqailanet/cve-2022-41352-zimbra-rce★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22CWE-22

Affected Products (63)

synacor · zimbra_collaboration_suitevulnerable