Threats / Synacor / CVE-2022-41352
CVE-2022-41352
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-06-22
Synacor Zimbra Collaboration Suite (ZCS) vulnerability
Synacor Zimbra Collaboration Suite allows arbitrary file upload via cpio package, enabling unauthorized access to other user accounts through path traversal.
Verdict
Today item — known-exploited.
A path traversal vulnerability in ZCS file handling permits unauthenticated or low-privileged attackers to upload malicious files and access arbitrary user data and accounts, with active exploitation observed in the wild.
01
Is it exploitable?
— the evidence, ranked above the scoreExploit available
Fully weaponized — public exploit code is cataloged for this vulnerability.We link the existence of the exploit; we do not host or redistribute payloads.
Reported exploitation
12 independent public reports of in-the-wild exploitation are cataloged.Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-10-20).
Probability (EPSS)
EPSS 0.95478 — modeled likelihood of exploitation activity.EPSS is a daily-changing model output — open the source for today's value.
Severity / affected
Affected: Synacor, Zimbra Collaboration Suite (ZCS). Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-22 Path Traversal — weakness family: Path traversal / file.CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02
Who’s exploiting it?
— attribution turns risk into urgencyAttribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then board1
Front door — unauthenticated access narrative 1
Attacker
I craft a malicious cpio package containing path traversal sequences to bypass file upload restrictions.
Business
Attackers gain initial foothold to stage further compromise of the collaboration platform.
2
Keys to the kingdom — privilege/identity takeover narrative 2
Attacker
I upload the crafted package to the vulnerable ZCS instance, placing files outside intended directories.
Business
File system integrity is compromised, allowing placement of webshells or configuration overrides.
3
Lateral reach — past segmentation narrative 3
Attacker
I access other user accounts by leveraging the uploaded files or modified system state.
Business
Confidentiality breach exposes sensitive communications, calendars, and contacts across the user base.
4
Data at risk — exfiltration narrative 4
Attacker
I maintain persistence by modifying authentication or session handling through uploaded files.
Business
Sustained unauthorized access enables data exfiltration and lateral movement within the organization.
04
What to do
— defensible action- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.1
Say it to the boardA vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05