Search criteria
156 vulnerabilities found for workplace_virtual_desktop_infrastructure by zoom
CVE-2025-64740 (GCVE-0-2025-64740)
Vulnerability from nvd – Published: 2025-11-13 14:35 – Updated: 2025-11-14 16:51
VLAI?
Title
Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature
Summary
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Severity ?
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace VDI Client |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T04:55:32.349914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:51:22.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace VDI Client",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:35:39.025Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-64740",
"datePublished": "2025-11-13T14:35:39.025Z",
"dateReserved": "2025-11-10T19:56:35.266Z",
"dateUpdated": "2025-11-14T16:51:22.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64739 (GCVE-0-2025-64739)
Vulnerability from nvd – Published: 2025-11-13 14:28 – Updated: 2025-11-14 16:51
VLAI?
Title
Zoom Clients - External Control of File Name or Path
Summary
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Clients |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:40:21.202791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:51:41.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Zoom Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExternal control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
}
],
"value": "External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:28:58.527Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25041"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - External Control of File Name or Path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-64739",
"datePublished": "2025-11-13T14:28:58.527Z",
"dateReserved": "2025-11-10T19:56:35.266Z",
"dateUpdated": "2025-11-14T16:51:41.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30669 (GCVE-0-2025-30669)
Vulnerability from nvd – Published: 2025-11-13 14:49 – Updated: 2025-11-13 15:17
VLAI?
Title
Zoom Workplace Clients - Improper Certificate Validation
Summary
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
Severity ?
4.8 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Clients |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:17:14.245561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:17:54.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Zoom Workplace Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:49:54.870Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients - Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30669",
"datePublished": "2025-11-13T14:49:54.870Z",
"dateReserved": "2025-03-24T22:35:25.476Z",
"dateUpdated": "2025-11-13T15:17:54.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62483 (GCVE-0-2025-62483)
Vulnerability from nvd – Published: 2025-11-13 15:03 – Updated: 2025-11-13 15:15
VLAI?
Title
Zoom Clients - Improper Removal of Sensitive Information
Summary
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity ?
5.3 (Medium)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Clients |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:14:57.914732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:15:51.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS"
],
"product": "Zoom Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:03:07.612Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Improper Removal of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-62483",
"datePublished": "2025-11-13T15:03:07.612Z",
"dateReserved": "2025-10-14T23:02:23.206Z",
"dateUpdated": "2025-11-13T15:15:51.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30662 (GCVE-0-2025-30662)
Vulnerability from nvd – Published: 2025-11-13 14:53 – Updated: 2025-11-14 04:55
VLAI?
Title
Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following
Summary
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
Severity ?
6.6 (Medium)
CWE
- CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace VDI Plugin macOS Universal installer |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:37.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace VDI Plugin macOS Universal installer",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSymlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
}
],
"value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-646",
"description": "CWE-646: Reliance on File Name or Extension of Externally-Supplied File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:53:09.801Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30662",
"datePublished": "2025-11-13T14:53:09.801Z",
"dateReserved": "2025-03-24T22:35:25.475Z",
"dateUpdated": "2025-11-14T04:55:37.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58132 (GCVE-0-2025-58132)
Vulnerability from nvd – Published: 2025-10-15 16:10 – Updated: 2025-10-22 03:55
VLAI?
Title
Zoom Clients for Windows - Command Injection
Summary
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Severity ?
4.1 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Clients for Windows |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:12.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Clients for Windows",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-10-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eCommand injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.\u003c/span\u003e"
}
],
"value": "Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:10:20.442Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25038"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients for Windows - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-58132",
"datePublished": "2025-10-15T16:10:20.442Z",
"dateReserved": "2025-08-25T21:15:02.862Z",
"dateUpdated": "2025-10-22T03:55:12.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58135 (GCVE-0-2025-58135)
Vulnerability from nvd – Published: 2025-09-09 21:45 – Updated: 2025-09-10 19:33
VLAI?
Title
Zoom Workplace Clients for Windows - Improper Action Enforcement
Summary
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity ?
5.3 (Medium)
CWE
- CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients for Windows |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:32:54.091406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:33:42.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Clients for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eImproper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-837",
"description": "CWE-837: Improper Enforcement of a Single, Unique Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:45:52.362Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients for Windows - Improper Action Enforcement",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-58135",
"datePublished": "2025-09-09T21:45:52.362Z",
"dateReserved": "2025-08-25T21:15:02.863Z",
"dateUpdated": "2025-09-10T19:33:42.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58134 (GCVE-0-2025-58134)
Vulnerability from nvd – Published: 2025-09-09 21:44 – Updated: 2025-09-10 20:24
VLAI?
Title
Zoom Workplace Clients for Windows - Incorrect Authorization
Summary
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients for Windows |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:24:03.992632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:24:12.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Clients for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eIncorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:46:27.086Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25035"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients for Windows - Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-58134",
"datePublished": "2025-09-09T21:44:01.928Z",
"dateReserved": "2025-08-25T21:15:02.863Z",
"dateUpdated": "2025-09-10T20:24:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49461 (GCVE-0-2025-49461)
Vulnerability from nvd – Published: 2025-09-09 21:42 – Updated: 2025-09-10 20:24
VLAI?
Title
Zoom Workplace Clients - Cross-site Scripting
Summary
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:24:26.712640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:24:36.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Clients",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:42:05.838Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients - Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-49461",
"datePublished": "2025-09-09T21:42:05.838Z",
"dateReserved": "2025-06-04T22:48:18.920Z",
"dateUpdated": "2025-09-10T20:24:36.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-64739
Vulnerability from fkie_nvd - Published: 2025-11-13 15:15 - Updated: 2026-01-13 20:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25041 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "81E0F90E-35B6-464F-9BE3-164BA24D2009",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6E806B61-C0EF-4A0E-9B7A-F5D27D173B32",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "851C9061-1A47-4521-9FD9-9933A5A7509A",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D2D51ECB-5A89-4C78-A30E-7B454D63B24F",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8B3EA329-4800-4C0F-87AC-75C98EA4BC21",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FFBB7286-F0EF-4F07-B5CD-EF140843D636",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "38D8F8A2-A530-4A22-99D2-1C385CDBC5F1",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "5129314C-E9A6-48A5-973D-4293E5362582",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5766D499-72EC-47FB-9EA0-F8239E8CD971",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "08F19DBA-97B0-4FEB-BE40-35C58E25212E",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E77D9B96-3C18-49F1-9119-30A154D6243D",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "366D7D39-E1C5-48C0-8F12-F4860FA5BD44",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A57A2EE0-D00B-4266-B152-2439B8ED774A",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"id": "CVE-2025-64739",
"lastModified": "2026-01-13T20:46:49.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-13T15:15:53.523",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25041"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64740
Vulnerability from fkie_nvd - Published: 2025-11-13 15:15 - Updated: 2026-01-13 20:51
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/ZSB-25042 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A57A2EE0-D00B-4266-B152-2439B8ED774A",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"id": "CVE-2025-64740",
"lastModified": "2026-01-13T20:51:36.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-13T15:15:53.820",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30669
Vulnerability from fkie_nvd - Published: 2025-11-13 15:15 - Updated: 2026-01-13 20:50
Severity ?
4.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25044 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "81E0F90E-35B6-464F-9BE3-164BA24D2009",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "851C9061-1A47-4521-9FD9-9933A5A7509A",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "08F19DBA-97B0-4FEB-BE40-35C58E25212E",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "366D7D39-E1C5-48C0-8F12-F4860FA5BD44",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A57A2EE0-D00B-4266-B152-2439B8ED774A",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access."
}
],
"id": "CVE-2025-30669",
"lastModified": "2026-01-13T20:50:57.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-13T15:15:51.240",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-62483
Vulnerability from fkie_nvd - Published: 2025-11-13 15:15 - Updated: 2026-01-13 20:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25047 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "81E0F90E-35B6-464F-9BE3-164BA24D2009",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6E806B61-C0EF-4A0E-9B7A-F5D27D173B32",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "851C9061-1A47-4521-9FD9-9933A5A7509A",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D2D51ECB-5A89-4C78-A30E-7B454D63B24F",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8B3EA329-4800-4C0F-87AC-75C98EA4BC21",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FFBB7286-F0EF-4F07-B5CD-EF140843D636",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "38D8F8A2-A530-4A22-99D2-1C385CDBC5F1",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "5129314C-E9A6-48A5-973D-4293E5362582",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5766D499-72EC-47FB-9EA0-F8239E8CD971",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "08F19DBA-97B0-4FEB-BE40-35C58E25212E",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E77D9B96-3C18-49F1-9119-30A154D6243D",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "366D7D39-E1C5-48C0-8F12-F4860FA5BD44",
"versionEndExcluding": "6.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A57A2EE0-D00B-4266-B152-2439B8ED774A",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"id": "CVE-2025-62483",
"lastModified": "2026-01-13T20:50:10.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-13T15:15:51.860",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30662
Vulnerability from fkie_nvd - Published: 2025-11-13 15:15 - Updated: 2026-01-09 22:10
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25045 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3C47721E-82D9-4607-9C27-BAC7C1B872A1",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3508872C-50EA-4E60-9898-A444B998E77A",
"versionEndExcluding": "6.4.14",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "7FC04625-1677-4265-8DF8-6C563F72C0E4",
"versionEndExcluding": "6.5.10",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"id": "CVE-2025-30662",
"lastModified": "2026-01-09T22:10:55.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-13T15:15:51.070",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-646"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-58132
Vulnerability from fkie_nvd - Published: 2025-10-15 17:15 - Updated: 2025-10-21 19:32
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25038 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1AC1A5EB-3E43-4888-9269-B86AC5C01C1F",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F2EFF630-7272-445F-9E7D-B456CC611DA8",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5A3D948D-B067-43ED-95D3-1811106AA9C7",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B004FACC-69FE-49D1-B1A8-54A625E7E8C6",
"versionEndExcluding": "6.3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "399FCFB8-8F84-41F3-973A-3C99C1456C88",
"versionEndExcluding": "6.4.13",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"id": "CVE-2025-58132",
"lastModified": "2025-10-21T19:32:07.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-15T17:15:59.917",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25038"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-58135
Vulnerability from fkie_nvd - Published: 2025-09-09 22:15 - Updated: 2025-10-06 17:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/ZSB-25036 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7D7BB056-46F3-4E1F-8CC8-F63CD84406A5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB0357E0-F2BC-449C-A95D-96037CE0D78A",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EE228E04-E5E5-425C-8980-28BD8C8356F8",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "68497FDD-DFBD-43CE-9C24-7536BBE35EDF",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D325C796-B3D5-4A6A-A165-32A9CE4DC62C",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"id": "CVE-2025-58135",
"lastModified": "2025-10-06T17:58:01.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-09T22:15:34.117",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25036"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-837"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-58134
Vulnerability from fkie_nvd - Published: 2025-09-09 22:15 - Updated: 2025-10-06 17:47
Severity ?
Summary
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/ZSB-25035 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7D7BB056-46F3-4E1F-8CC8-F63CD84406A5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB0357E0-F2BC-449C-A95D-96037CE0D78A",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EE228E04-E5E5-425C-8980-28BD8C8356F8",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "68497FDD-DFBD-43CE-9C24-7536BBE35EDF",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D325C796-B3D5-4A6A-A165-32A9CE4DC62C",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access."
}
],
"id": "CVE-2025-58134",
"lastModified": "2025-10-06T17:47:34.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-09-09T22:15:33.943",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25035"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49461
Vulnerability from fkie_nvd - Published: 2025-09-09 22:15 - Updated: 2025-10-06 17:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Summary
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/ZSB-25034 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "5089DFBB-1D06-4448-AAA7-74EE48C989C2",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "614582AC-FE96-4161-A2D4-D9D75712A363",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "DC74FD2C-12E3-4EC3-96DC-53E0FF5A8FF5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7D7BB056-46F3-4E1F-8CC8-F63CD84406A5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "140433EE-35C6-42E1-8EF2-1C9CE8524602",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "FC3A1BB1-F411-41A7-B64A-8C5928680034",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "AFF7479F-4C14-4B12-A0A2-5D1A5376E38C",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB0357E0-F2BC-449C-A95D-96037CE0D78A",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F1851328-A625-47EB-B9D7-439274E21C36",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5C648817-B98A-4DC2-A68C-389AE83E4484",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BC81D4CE-4E43-4323-B65E-204044C9C9BC",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EE228E04-E5E5-425C-8980-28BD8C8356F8",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DECE4F11-EE4A-4FAC-B6B5-529D3F6F844D",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B67A0A25-3ED1-4D09-BF23-9A01CFBC6F29",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "86DAFA44-AC9A-460F-B552-C6009D7EAF0D",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "68497FDD-DFBD-43CE-9C24-7536BBE35EDF",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D325C796-B3D5-4A6A-A165-32A9CE4DC62C",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"id": "CVE-2025-49461",
"lastModified": "2025-10-06T17:45:49.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-09T22:15:33.013",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25034"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49460
Vulnerability from fkie_nvd - Published: 2025-09-09 22:15 - Updated: 2025-10-17 19:42
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/ZSB-25033 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "5089DFBB-1D06-4448-AAA7-74EE48C989C2",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "614582AC-FE96-4161-A2D4-D9D75712A363",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "DC74FD2C-12E3-4EC3-96DC-53E0FF5A8FF5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7D7BB056-46F3-4E1F-8CC8-F63CD84406A5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "140433EE-35C6-42E1-8EF2-1C9CE8524602",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "FC3A1BB1-F411-41A7-B64A-8C5928680034",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "AFF7479F-4C14-4B12-A0A2-5D1A5376E38C",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB0357E0-F2BC-449C-A95D-96037CE0D78A",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F1851328-A625-47EB-B9D7-439274E21C36",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5C648817-B98A-4DC2-A68C-389AE83E4484",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BC81D4CE-4E43-4323-B65E-204044C9C9BC",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EE228E04-E5E5-425C-8980-28BD8C8356F8",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DECE4F11-EE4A-4FAC-B6B5-529D3F6F844D",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B67A0A25-3ED1-4D09-BF23-9A01CFBC6F29",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "86DAFA44-AC9A-460F-B552-C6009D7EAF0D",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "68497FDD-DFBD-43CE-9C24-7536BBE35EDF",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D325C796-B3D5-4A6A-A165-32A9CE4DC62C",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"id": "CVE-2025-49460",
"lastModified": "2025-10-17T19:42:52.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-09T22:15:32.840",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25033"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49458
Vulnerability from fkie_nvd - Published: 2025-09-09 22:15 - Updated: 2025-10-17 19:43
Severity ?
Summary
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
References
| URL | Tags | ||
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/ZSB-25031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "614582AC-FE96-4161-A2D4-D9D75712A363",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "DC74FD2C-12E3-4EC3-96DC-53E0FF5A8FF5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7D7BB056-46F3-4E1F-8CC8-F63CD84406A5",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "FC6DE63C-EFCE-46C1-AB7C-FE71C1B2536C",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "AFF7479F-4C14-4B12-A0A2-5D1A5376E38C",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB0357E0-F2BC-449C-A95D-96037CE0D78A",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5C648817-B98A-4DC2-A68C-389AE83E4484",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BC81D4CE-4E43-4323-B65E-204044C9C9BC",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EE228E04-E5E5-425C-8980-28BD8C8356F8",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B67A0A25-3ED1-4D09-BF23-9A01CFBC6F29",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "86DAFA44-AC9A-460F-B552-C6009D7EAF0D",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "68497FDD-DFBD-43CE-9C24-7536BBE35EDF",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9",
"versionEndExcluding": "6.3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D325C796-B3D5-4A6A-A165-32A9CE4DC62C",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access."
}
],
"id": "CVE-2025-49458",
"lastModified": "2025-10-17T19:43:11.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-09-09T22:15:32.483",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
CVE-2025-62483 (GCVE-0-2025-62483)
Vulnerability from cvelistv5 – Published: 2025-11-13 15:03 – Updated: 2025-11-13 15:15
VLAI?
Title
Zoom Clients - Improper Removal of Sensitive Information
Summary
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity ?
5.3 (Medium)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Clients |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:14:57.914732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:15:51.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS"
],
"product": "Zoom Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:03:07.612Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Improper Removal of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-62483",
"datePublished": "2025-11-13T15:03:07.612Z",
"dateReserved": "2025-10-14T23:02:23.206Z",
"dateUpdated": "2025-11-13T15:15:51.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30662 (GCVE-0-2025-30662)
Vulnerability from cvelistv5 – Published: 2025-11-13 14:53 – Updated: 2025-11-14 04:55
VLAI?
Title
Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following
Summary
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
Severity ?
6.6 (Medium)
CWE
- CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace VDI Plugin macOS Universal installer |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:37.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace VDI Plugin macOS Universal installer",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSymlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
}
],
"value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-646",
"description": "CWE-646: Reliance on File Name or Extension of Externally-Supplied File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:53:09.801Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30662",
"datePublished": "2025-11-13T14:53:09.801Z",
"dateReserved": "2025-03-24T22:35:25.475Z",
"dateUpdated": "2025-11-14T04:55:37.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30669 (GCVE-0-2025-30669)
Vulnerability from cvelistv5 – Published: 2025-11-13 14:49 – Updated: 2025-11-13 15:17
VLAI?
Title
Zoom Workplace Clients - Improper Certificate Validation
Summary
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
Severity ?
4.8 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Clients |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:17:14.245561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:17:54.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Zoom Workplace Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:49:54.870Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients - Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30669",
"datePublished": "2025-11-13T14:49:54.870Z",
"dateReserved": "2025-03-24T22:35:25.476Z",
"dateUpdated": "2025-11-13T15:17:54.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64740 (GCVE-0-2025-64740)
Vulnerability from cvelistv5 – Published: 2025-11-13 14:35 – Updated: 2025-11-14 16:51
VLAI?
Title
Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature
Summary
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Severity ?
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace VDI Client |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T04:55:32.349914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:51:22.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace VDI Client",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:35:39.025Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-64740",
"datePublished": "2025-11-13T14:35:39.025Z",
"dateReserved": "2025-11-10T19:56:35.266Z",
"dateUpdated": "2025-11-14T16:51:22.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64739 (GCVE-0-2025-64739)
Vulnerability from cvelistv5 – Published: 2025-11-13 14:28 – Updated: 2025-11-14 16:51
VLAI?
Title
Zoom Clients - External Control of File Name or Path
Summary
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Clients |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:40:21.202791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:51:41.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Zoom Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-11-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExternal control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
}
],
"value": "External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:28:58.527Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25041"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - External Control of File Name or Path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-64739",
"datePublished": "2025-11-13T14:28:58.527Z",
"dateReserved": "2025-11-10T19:56:35.266Z",
"dateUpdated": "2025-11-14T16:51:41.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58132 (GCVE-0-2025-58132)
Vulnerability from cvelistv5 – Published: 2025-10-15 16:10 – Updated: 2025-10-22 03:55
VLAI?
Title
Zoom Clients for Windows - Command Injection
Summary
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Severity ?
4.1 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Clients for Windows |
Affected:
see references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:12.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Clients for Windows",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-10-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eCommand injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.\u003c/span\u003e"
}
],
"value": "Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:10:20.442Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25038"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients for Windows - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-58132",
"datePublished": "2025-10-15T16:10:20.442Z",
"dateReserved": "2025-08-25T21:15:02.862Z",
"dateUpdated": "2025-10-22T03:55:12.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58135 (GCVE-0-2025-58135)
Vulnerability from cvelistv5 – Published: 2025-09-09 21:45 – Updated: 2025-09-10 19:33
VLAI?
Title
Zoom Workplace Clients for Windows - Improper Action Enforcement
Summary
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity ?
5.3 (Medium)
CWE
- CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients for Windows |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:32:54.091406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:33:42.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Clients for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eImproper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-837",
"description": "CWE-837: Improper Enforcement of a Single, Unique Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:45:52.362Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients for Windows - Improper Action Enforcement",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-58135",
"datePublished": "2025-09-09T21:45:52.362Z",
"dateReserved": "2025-08-25T21:15:02.863Z",
"dateUpdated": "2025-09-10T19:33:42.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58134 (GCVE-0-2025-58134)
Vulnerability from cvelistv5 – Published: 2025-09-09 21:44 – Updated: 2025-09-10 20:24
VLAI?
Title
Zoom Workplace Clients for Windows - Incorrect Authorization
Summary
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients for Windows |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:24:03.992632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:24:12.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Clients for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eIncorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:46:27.086Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25035"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients for Windows - Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-58134",
"datePublished": "2025-09-09T21:44:01.928Z",
"dateReserved": "2025-08-25T21:15:02.863Z",
"dateUpdated": "2025-09-10T20:24:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49461 (GCVE-0-2025-49461)
Vulnerability from cvelistv5 – Published: 2025-09-09 21:42 – Updated: 2025-09-10 20:24
VLAI?
Title
Zoom Workplace Clients - Cross-site Scripting
Summary
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:24:26.712640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:24:36.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Clients",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:42:05.838Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients - Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-49461",
"datePublished": "2025-09-09T21:42:05.838Z",
"dateReserved": "2025-06-04T22:48:18.920Z",
"dateUpdated": "2025-09-10T20:24:36.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49460 (GCVE-0-2025-49460)
Vulnerability from cvelistv5 – Published: 2025-09-09 21:38 – Updated: 2025-09-10 20:25
VLAI?
Title
Zoom Workplace Clients - Argument Injection
Summary
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Severity ?
4.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Clients |
Affected:
0 , < see references
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:24:55.988723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:25:08.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Clients",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "see references",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-09T12:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eUncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:42:25.035Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25033"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Clients - Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-49460",
"datePublished": "2025-09-09T21:38:40.910Z",
"dateReserved": "2025-06-04T22:48:18.920Z",
"dateUpdated": "2025-09-10T20:25:08.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}