
Cloud Vulnerability DB
A community-led vulnerabilities database
Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0 contained a remote code execution vulnerability (CVE-2022-27925) in the mboximport functionality that processes ZIP archives. Initially requiring administrator authentication, this vulnerability was later discovered to be exploitable without authentication when chained with CVE-2022-37042, an authentication bypass vulnerability (Volexity).
The vulnerability exists in the mboximport functionality that receives and extracts ZIP archives. The initial CVE-2022-27925 allowed an authenticated administrator to upload arbitrary files and perform remote code execution through directory traversal. When combined with CVE-2022-37042, attackers could bypass the authentication requirement because incomplete authentication checks allowed the subsequent code to execute regardless of authentication status (Volexity).
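The directory-traversal class of flaw described above, shown from the defensive side as an added example (not Zimbra's code and not from the original report): a Python check that rejects a ZIP archive when any entry name would resolve outside the extraction root. The function names and archive contents are constructed for illustration.

```python
import io
import posixpath
import zipfile


def build_archive(names):
    """Build an in-memory ZIP with the given entry names (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "sample")
    return buf.getvalue()


def unsafe_entries(zip_bytes):
    """Return entry names that would resolve outside the extraction root."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators, then collapse "." and ".." segments.
            norm = posixpath.normpath(name.replace("\\", "/"))
            escapes = norm == ".." or norm.startswith("../")
            absolute = norm.startswith("/") or norm[1:2] == ":"
            if escapes or absolute:
                bad.append(name)
    return bad


def checked_names(zip_bytes):
    """Reject the whole archive if any entry is unsafe; otherwise list its entries."""
    bad = unsafe_entries(zip_bytes)
    if bad:
        raise ValueError(f"archive rejected, unsafe entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()


# Constructed samples: one ordinary archive, one with traversal-style entry names.
CLEAN = build_archive(["inbox/msg1.eml", "inbox/../inbox/msg2.eml"])
SUSPECT = build_archive(["inbox/msg1.eml", "../../outside/dropped.txt", "/abs/dropped.txt"])

if __name__ == "__main__":
    print(checked_names(CLEAN))
    print(unsafe_entries(SUSPECT))
```

The check rejects the archive outright instead of rewriting entry names, so an unexpected path is surfaced to the operator and never silently extracted.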
The vulnerability allowed attackers to achieve remote code execution and gain unauthorized access to email servers. Over 1,000 ZCS instances worldwide were identified as compromised and backdoored, affecting various organizations including government departments, military branches, and businesses (Volexity).
Zimbra patched CVE-2022-27925 in March 2022 with versions 8.8.15P31 and 9.0.0P24. The authentication bypass (CVE-2022-37042) was later patched in versions 9.0.0P26 and 8.8.15P33 released at the end of July 2022. Organizations are strongly advised to update to these patched versions (Zimbra Security).
Source: This report was generated using AI