What is CVE-2022-41352?

A critical vulnerability in Synacor Zimbra Collaboration Suite allows attackers to upload arbitrary files, leading to incorrect access to user accounts. Immediate action is required to mitigate risks associated with this flaw.

What is the severity of CVE-2022-41352?

CVE-2022-41352 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2022-41352 in CISA KEV?

Yes. CVE-2022-41352 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2022-41352 | Critical Vulnerability in Synacor Zimbra Collaboration Suite

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

The vulnerability has a CVSS score of 9.8, categorizing it as critical. Risk to organizations includes unauthorized access to sensitive information and potential complete system compromise. Organizations should prioritize patching immediately.

As of now, this vulnerability is included in the Known Exploited Vulnerabilities catalog, indicating its active exploitation in the wild. Organizations must address this vulnerability in their priority patch cycle.

Given the severity and the potential impact of this vulnerability, it is critical for organizations using Zimbra Collaboration Suite to take immediate action to secure their systems.

Vulnerability Details

The vulnerability allows arbitrary file uploads due to improper validation in the amavis component, which is part of the Zimbra Collaboration Suite. The affected versions are ZCS 8.8.15 and 9.0.

The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). It has a CVSS score of 9.8, indicating that the attack vector is network-based, and the attack complexity is low.

Organizations using ZCS should implement patches provided by Synacor and ensure that their configurations comply with the vendor's recommendations.

Technical Analysis

The root cause of this vulnerability is due to the cpio loophole, which allows attackers to bypass file upload restrictions. The attack vector is network-based, allowing attackers to exploit this vulnerability remotely without requiring physical access to the system.

The attack complexity is low, and no privileges are required for exploitation. User interaction is not necessary, making this vulnerability particularly dangerous. The confidentiality, integrity, and availability impacts are all classified as high.

Risk & Impact Analysis

Organizations using vulnerable versions of Zimbra Collaboration Suite face significant risks, including unauthorized access to sensitive data, potential data breaches, and loss of customer trust. The blast radius could extend to all users within the affected organization, making the impact widespread.

Due to its critical nature, this vulnerability should be addressed as a top priority. The CVSS score of 9.8 indicates a high urgency for remediation, and organizations should implement available patches immediately.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected versions are Zimbra Collaboration Suite 8.8.15 and 9.0. Organizations should ensure they are running patched versions to mitigate this critical vulnerability.

Mitigation & Remediation

Organizations should apply updates per vendor instructions as soon as possible. If a patch is not available, consider implementing workarounds such as disabling the amavis file upload feature until a fix is applied.

For further information on Zimbra Collaboration Suite security, organizations can refer to the Zimbra Security Center.

Detection Guidance

Organizations should monitor for unusual file uploads and access patterns within Zimbra Collaboration Suite. Log indicators should include any attempts to upload files through amavis that deviate from normal usage.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability demonstrates the need for continuous monitoring of file upload functionalities within web applications. Security teams should be vigilant and ensure their systems are configured to prevent similar vulnerabilities.

This vulnerability highlights the importance of keeping software components up to date and adhering to vendor recommendations for security configurations.

Security teams should perform regular security assessments to identify and remediate vulnerabilities proactively.

Web application penetration testing can help uncover such vulnerabilities before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-41352: Critical Vulnerability in Synacor Zimbra Collaboration Suite