What the vulnerability does

01Description

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

Key dates

02Disclosure timeline

October 17, 2022 CVE published
May 13, 2025 Record updated