CVE-2022-37393

HIGH

Zimbra zmslapd arbitrary module load

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37393. PoCs published by Darren Martyn, Ron Bowes, including Metasploit module exploits/linux/local/zimbra_slapper_priv_esc.

AI-analyzed exploit summary This Metasploit module exploits CVE-2022-37393, a vulnerability in Zimbra's sudo configuration allowing the zimbra user to execute zmslapd as root with arbitrary parameters. It leverages this to load a malicious .so file via a custom configuration, achieving local privilege escalation.

Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Darren Martyn, Ron Bowes · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_slapper_priv_esc.rb

This Metasploit module exploits CVE-2022-37393, a vulnerability in Zimbra's sudo configuration allowing the zimbra user to execute zmslapd as root with arbitrary parameters. It leverages this to load a malicious .so file via a custom configuration, achieving local privilege escalation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Zimbra Collaboration Suite (specific version not specified)
Auth required
Prerequisites: Access to a Zimbra user account with sudo privileges for zmslapd · Write access to a directory for staging payloads
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/16807
Exploit, Third Party Advisory x_refsource_misc
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
Exploit, Third Party Advisory x_refsource_misc
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/

Scores

CVSS v3 7.8
EPSS 0.0168
EPSS Percentile 74.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (17)
zimbra/collaboration 8.7.6
zimbra/collaboration 8.7.7
zimbra/collaboration 8.7.9
zimbra/collaboration 8.7.10
zimbra/collaboration 8.7.11 (16 CPE variants)
zimbra/collaboration 8.8.0 beta1
zimbra/collaboration 8.8.2
zimbra/collaboration 8.8.3
zimbra/collaboration 8.8.4
zimbra/collaboration 8.8.6
... and 7 more
Published Aug 16, 2022
Tracked Since Feb 18, 2026