The zero-day vulnerability is tracked as CVE-2022-41352, rated critical (CVSS v3 score: 9.8), and allows an attacker to upload arbitrary files through “Amavis” (email security system).
Source: cyware.com