Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-228a
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories