Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    76 vulnerabilities by Zoom Communications Inc.

    CVE-2026-30902 (GCVE-0-2026-30902)

    Vulnerability from nvd – Published: 2026-03-11 14:50 – Updated: 2026-03-12 03:55
    VLAI
    Title
    Zoom Clients for Windows - Improper Privilege Management
    Summary
    Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T03:55:32.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
                }
              ],
              "value": "Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T14:50:51.685Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Clients for Windows - Improper Privilege Management",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-30902",
        "datePublished": "2026-03-11T14:50:51.685Z",
        "dateReserved": "2026-03-06T18:44:57.631Z",
        "dateUpdated": "2026-03-12T03:55:32.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30901 (GCVE-0-2026-30901)

    Vulnerability from nvd – Published: 2026-03-11 14:47 – Updated: 2026-03-12 03:55
    VLAI
    Title
    Zoom Rooms for Windows - Improper Input Validation
    Summary
    Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Rooms Affected: 0 , < 6.6.5 (custom)
    Create a notification for this product.
    Date Public
    2026-03-10 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30901",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T03:55:32.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Rooms",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-03-10T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access."
                }
              ],
              "value": "Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T14:47:42.729Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26003"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Rooms for Windows - Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-30901",
        "datePublished": "2026-03-11T14:47:42.729Z",
        "dateReserved": "2026-03-06T18:44:57.630Z",
        "dateUpdated": "2026-03-12T03:55:32.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30900 (GCVE-0-2026-30900)

    Vulnerability from nvd – Published: 2026-03-11 14:44 – Updated: 2026-03-12 03:55
    VLAI
    Title
    Zoom Workplace Clients for Windows - Improper Check
    Summary
    Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Affected: 6.6.0 , < 6.6.11 (custom)
    Create a notification for this product.
    Date Public
    2026-03-10 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T03:55:30.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.11",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-03-10T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
                }
              ],
              "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T14:44:36.366Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26002"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Clients for Windows - Improper Check",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-30900",
        "datePublished": "2026-03-11T14:44:36.366Z",
        "dateReserved": "2026-03-06T18:44:57.630Z",
        "dateUpdated": "2026-03-12T03:55:30.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22844 (GCVE-0-2026-22844)

    Vulnerability from nvd – Published: 2026-01-20 13:57 – Updated: 2026-01-20 16:45
    VLAI
    Title
    Zoom Node Deployments - Command Injection
    Summary
    A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Node Affected: 0 , < 5.2.1716.0 (custom)
    Create a notification for this product.
    Date Public
    2026-01-20 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T16:45:07.547573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T16:45:18.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Zoom Node",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "5.2.1716.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-01-20T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eA Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-20T13:57:44.803Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26001"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Node Deployments - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-22844",
        "datePublished": "2026-01-20T13:57:44.803Z",
        "dateReserved": "2026-01-12T12:20:38.435Z",
        "dateUpdated": "2026-01-20T16:45:18.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67461 (GCVE-0-2025-67461)

    Vulnerability from nvd – Published: 2025-12-10 20:29 – Updated: 2025-12-10 21:27
    VLAI
    Title
    Zoom Rooms for macOS - External Control of File Name or Path
    Summary
    External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Rooms Affected: 0 , < 6.6.0 (custom)
    Create a notification for this product.
    Date Public
    2025-12-09 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T21:26:46.597412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-10T21:27:08.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Zoom Rooms",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-12-09T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eExternal control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T20:29:36.221Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25051"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Rooms for macOS - External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-67461",
        "datePublished": "2025-12-10T20:29:36.221Z",
        "dateReserved": "2025-12-08T13:59:49.274Z",
        "dateUpdated": "2025-12-10T21:27:08.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67460 (GCVE-0-2025-67460)

    Vulnerability from nvd – Published: 2025-12-10 20:37 – Updated: 2026-02-26 16:21
    VLAI
    Title
    Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure
    Summary
    Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Rooms Affected: 0 , < 6.6.0 (custom)
    Create a notification for this product.
    Date Public
    2025-12-09 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67460",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T04:55:50.283551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:21:05.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Rooms",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-12-09T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eProtection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T20:37:03.144Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25050"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-67460",
        "datePublished": "2025-12-10T20:37:03.144Z",
        "dateReserved": "2025-12-08T13:59:49.274Z",
        "dateUpdated": "2026-02-26T16:21:05.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62484 (GCVE-0-2025-62484)

    Vulnerability from nvd – Published: 2025-11-13 15:07 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace Clients - Inefficient Regular Expression Complexity
    Summary
    Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Affected: 0 , < 6.5.10 (custom)
    Create a notification for this product.
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62484",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:33.851257Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:04.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.\u003c/p\u003e"
                }
              ],
              "value": "Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T15:07:57.937Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25048"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Clients - Inefficient Regular Expression Complexity",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-62484",
        "datePublished": "2025-11-13T15:07:57.937Z",
        "dateReserved": "2025-10-14T23:02:23.206Z",
        "dateUpdated": "2026-02-26T16:57:04.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64741 (GCVE-0-2025-64741)

    Vulnerability from nvd – Published: 2025-11-13 14:46 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace for Android - Improper Authorization Handling
    Summary
    Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:33.073352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:05.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Zoom Workplace for Android",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:46:59.205Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25043"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace for Android - Improper Authorization Handling",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64741",
        "datePublished": "2025-11-13T14:46:59.205Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2026-02-26T16:57:05.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64740 (GCVE-0-2025-64740)

    Vulnerability from nvd – Published: 2025-11-13 14:35 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature
    Summary
    Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:32.349914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:06.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace VDI Client",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:35:39.025Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64740",
        "datePublished": "2025-11-13T14:35:39.025Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2026-02-26T16:57:06.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64739 (GCVE-0-2025-64739)

    Vulnerability from nvd – Published: 2025-11-13 14:28 – Updated: 2025-11-14 16:51
    VLAI
    Title
    Zoom Clients - External Control of File Name or Path
    Summary
    External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:40:21.202791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T16:51:41.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Zoom Clients",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eExternal control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
                }
              ],
              "value": "External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:28:58.527Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25041"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Clients - External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64739",
        "datePublished": "2025-11-13T14:28:58.527Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2025-11-14T16:51:41.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64738 (GCVE-0-2025-64738)

    Vulnerability from nvd – Published: 2025-11-13 14:23 – Updated: 2025-11-14 16:52
    VLAI
    Title
    Zoom Workplace for macOS - External Control of File Name or Path
    Summary
    External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:40:31.988059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T16:52:02.952Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Zoom Workplace for macOS",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eExternal control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:23:00.704Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25040"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace for macOS - External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64738",
        "datePublished": "2025-11-13T14:23:00.704Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2025-11-14T16:52:02.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62483 (GCVE-0-2025-62483)

    Vulnerability from nvd – Published: 2025-11-13 15:03 – Updated: 2025-11-13 15:15
    VLAI
    Title
    Zoom Clients - Improper Removal of Sensitive Information
    Summary
    Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:14:57.914732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:15:51.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS"
              ],
              "product": "Zoom Clients",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T15:03:07.612Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Clients - Improper Removal of Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-62483",
        "datePublished": "2025-11-13T15:03:07.612Z",
        "dateReserved": "2025-10-14T23:02:23.206Z",
        "dateUpdated": "2025-11-13T15:15:51.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62482 (GCVE-0-2025-62482)

    Vulnerability from nvd – Published: 2025-11-13 14:56 – Updated: 2025-11-13 15:38
    VLAI
    Title
    Zoom Workplace for Windows - Cross-site Scripting
    Summary
    Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Affected: 0 , < 6.5.10 (custom)
    Create a notification for this product.
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62482",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:33:29.118715Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:38:29.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eCross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:56:25.642Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25046"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace for Windows - Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-62482",
        "datePublished": "2025-11-13T14:56:25.642Z",
        "dateReserved": "2025-10-14T23:02:23.206Z",
        "dateUpdated": "2025-11-13T15:38:29.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30669 (GCVE-0-2025-30669)

    Vulnerability from nvd – Published: 2025-11-13 14:49 – Updated: 2025-11-13 15:17
    VLAI
    Title
    Zoom Workplace Clients - Improper Certificate Validation
    Summary
    Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:17:14.245561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:17:54.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "Zoom Workplace Clients",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:49:54.870Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Clients - Improper Certificate Validation",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-30669",
        "datePublished": "2025-11-13T14:49:54.870Z",
        "dateReserved": "2025-03-24T22:35:25.476Z",
        "dateUpdated": "2025-11-13T15:17:54.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30662 (GCVE-0-2025-30662)

    Vulnerability from nvd – Published: 2025-11-13 14:53 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following
    Summary
    Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30662",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:38.145806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:05.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Zoom Workplace VDI Plugin macOS Universal installer",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSymlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
                }
              ],
              "value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-646",
                  "description": "CWE-646: Reliance on File Name or Extension of Externally-Supplied File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:53:09.801Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-30662",
        "datePublished": "2025-11-13T14:53:09.801Z",
        "dateReserved": "2025-03-24T22:35:25.475Z",
        "dateUpdated": "2026-02-26T16:57:05.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30902 (GCVE-0-2026-30902)

    Vulnerability from cvelistv5 – Published: 2026-03-11 14:50 – Updated: 2026-03-12 03:55
    VLAI
    Title
    Zoom Clients for Windows - Improper Privilege Management
    Summary
    Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T03:55:32.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
                }
              ],
              "value": "Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T14:50:51.685Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Clients for Windows - Improper Privilege Management",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-30902",
        "datePublished": "2026-03-11T14:50:51.685Z",
        "dateReserved": "2026-03-06T18:44:57.631Z",
        "dateUpdated": "2026-03-12T03:55:32.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30901 (GCVE-0-2026-30901)

    Vulnerability from cvelistv5 – Published: 2026-03-11 14:47 – Updated: 2026-03-12 03:55
    VLAI
    Title
    Zoom Rooms for Windows - Improper Input Validation
    Summary
    Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Rooms Affected: 0 , < 6.6.5 (custom)
    Create a notification for this product.
    Date Public
    2026-03-10 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30901",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T03:55:32.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Rooms",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-03-10T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access."
                }
              ],
              "value": "Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T14:47:42.729Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26003"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Rooms for Windows - Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-30901",
        "datePublished": "2026-03-11T14:47:42.729Z",
        "dateReserved": "2026-03-06T18:44:57.630Z",
        "dateUpdated": "2026-03-12T03:55:32.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30900 (GCVE-0-2026-30900)

    Vulnerability from cvelistv5 – Published: 2026-03-11 14:44 – Updated: 2026-03-12 03:55
    VLAI
    Title
    Zoom Workplace Clients for Windows - Improper Check
    Summary
    Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Affected: 6.6.0 , < 6.6.11 (custom)
    Create a notification for this product.
    Date Public
    2026-03-10 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T03:55:30.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.11",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-03-10T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
                }
              ],
              "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T14:44:36.366Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26002"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Clients for Windows - Improper Check",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-30900",
        "datePublished": "2026-03-11T14:44:36.366Z",
        "dateReserved": "2026-03-06T18:44:57.630Z",
        "dateUpdated": "2026-03-12T03:55:30.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22844 (GCVE-0-2026-22844)

    Vulnerability from cvelistv5 – Published: 2026-01-20 13:57 – Updated: 2026-01-20 16:45
    VLAI
    Title
    Zoom Node Deployments - Command Injection
    Summary
    A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Node Affected: 0 , < 5.2.1716.0 (custom)
    Create a notification for this product.
    Date Public
    2026-01-20 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T16:45:07.547573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T16:45:18.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Zoom Node",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "5.2.1716.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-01-20T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eA Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-20T13:57:44.803Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26001"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Node Deployments - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2026-22844",
        "datePublished": "2026-01-20T13:57:44.803Z",
        "dateReserved": "2026-01-12T12:20:38.435Z",
        "dateUpdated": "2026-01-20T16:45:18.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67460 (GCVE-0-2025-67460)

    Vulnerability from cvelistv5 – Published: 2025-12-10 20:37 – Updated: 2026-02-26 16:21
    VLAI
    Title
    Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure
    Summary
    Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Rooms Affected: 0 , < 6.6.0 (custom)
    Create a notification for this product.
    Date Public
    2025-12-09 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67460",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T04:55:50.283551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:21:05.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Rooms",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-12-09T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eProtection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T20:37:03.144Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25050"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-67460",
        "datePublished": "2025-12-10T20:37:03.144Z",
        "dateReserved": "2025-12-08T13:59:49.274Z",
        "dateUpdated": "2026-02-26T16:21:05.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67461 (GCVE-0-2025-67461)

    Vulnerability from cvelistv5 – Published: 2025-12-10 20:29 – Updated: 2025-12-10 21:27
    VLAI
    Title
    Zoom Rooms for macOS - External Control of File Name or Path
    Summary
    External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Rooms Affected: 0 , < 6.6.0 (custom)
    Create a notification for this product.
    Date Public
    2025-12-09 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T21:26:46.597412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-10T21:27:08.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Zoom Rooms",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-12-09T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eExternal control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T20:29:36.221Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25051"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Rooms for macOS - External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-67461",
        "datePublished": "2025-12-10T20:29:36.221Z",
        "dateReserved": "2025-12-08T13:59:49.274Z",
        "dateUpdated": "2025-12-10T21:27:08.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62484 (GCVE-0-2025-62484)

    Vulnerability from cvelistv5 – Published: 2025-11-13 15:07 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace Clients - Inefficient Regular Expression Complexity
    Summary
    Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Affected: 0 , < 6.5.10 (custom)
    Create a notification for this product.
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62484",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:33.851257Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:04.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.\u003c/p\u003e"
                }
              ],
              "value": "Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T15:07:57.937Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25048"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Clients - Inefficient Regular Expression Complexity",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-62484",
        "datePublished": "2025-11-13T15:07:57.937Z",
        "dateReserved": "2025-10-14T23:02:23.206Z",
        "dateUpdated": "2026-02-26T16:57:04.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62483 (GCVE-0-2025-62483)

    Vulnerability from cvelistv5 – Published: 2025-11-13 15:03 – Updated: 2025-11-13 15:15
    VLAI
    Title
    Zoom Clients - Improper Removal of Sensitive Information
    Summary
    Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:14:57.914732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:15:51.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS"
              ],
              "product": "Zoom Clients",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T15:03:07.612Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Clients - Improper Removal of Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-62483",
        "datePublished": "2025-11-13T15:03:07.612Z",
        "dateReserved": "2025-10-14T23:02:23.206Z",
        "dateUpdated": "2025-11-13T15:15:51.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62482 (GCVE-0-2025-62482)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:56 – Updated: 2025-11-13 15:38
    VLAI
    Title
    Zoom Workplace for Windows - Cross-site Scripting
    Summary
    Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Affected: 0 , < 6.5.10 (custom)
    Create a notification for this product.
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62482",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:33:29.118715Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:38:29.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eCross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:56:25.642Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25046"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace for Windows - Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-62482",
        "datePublished": "2025-11-13T14:56:25.642Z",
        "dateReserved": "2025-10-14T23:02:23.206Z",
        "dateUpdated": "2025-11-13T15:38:29.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30662 (GCVE-0-2025-30662)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:53 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following
    Summary
    Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30662",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:38.145806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:05.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Zoom Workplace VDI Plugin macOS Universal installer",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSymlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
                }
              ],
              "value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-646",
                  "description": "CWE-646: Reliance on File Name or Extension of Externally-Supplied File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:53:09.801Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-30662",
        "datePublished": "2025-11-13T14:53:09.801Z",
        "dateReserved": "2025-03-24T22:35:25.475Z",
        "dateUpdated": "2026-02-26T16:57:05.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30669 (GCVE-0-2025-30669)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:49 – Updated: 2025-11-13 15:17
    VLAI
    Title
    Zoom Workplace Clients - Improper Certificate Validation
    Summary
    Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:17:14.245561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:17:54.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "Zoom Workplace Clients",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:49:54.870Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Clients - Improper Certificate Validation",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-30669",
        "datePublished": "2025-11-13T14:49:54.870Z",
        "dateReserved": "2025-03-24T22:35:25.476Z",
        "dateUpdated": "2025-11-13T15:17:54.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64741 (GCVE-0-2025-64741)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:46 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace for Android - Improper Authorization Handling
    Summary
    Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:33.073352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:05.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Zoom Workplace for Android",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:46:59.205Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25043"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace for Android - Improper Authorization Handling",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64741",
        "datePublished": "2025-11-13T14:46:59.205Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2026-02-26T16:57:05.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64740 (GCVE-0-2025-64740)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:35 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature
    Summary
    Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T04:55:32.349914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:06.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace VDI Client",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eImproper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:35:39.025Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64740",
        "datePublished": "2025-11-13T14:35:39.025Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2026-02-26T16:57:06.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64739 (GCVE-0-2025-64739)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:28 – Updated: 2025-11-14 16:51
    VLAI
    Title
    Zoom Clients - External Control of File Name or Path
    Summary
    External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:40:21.202791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T16:51:41.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Zoom Clients",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eExternal control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/p\u003e"
                }
              ],
              "value": "External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:28:58.527Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25041"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Clients - External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64739",
        "datePublished": "2025-11-13T14:28:58.527Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2025-11-14T16:51:41.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64738 (GCVE-0-2025-64738)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:23 – Updated: 2025-11-14 16:52
    VLAI
    Title
    Zoom Workplace for macOS - External Control of File Name or Path
    Summary
    External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Date Public
    2025-11-11 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:40:31.988059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T16:52:02.952Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Zoom Workplace for macOS",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "lessThan": "6.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-11-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eExternal control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T14:23:00.704Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25040"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace for macOS - External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2025-64738",
        "datePublished": "2025-11-13T14:23:00.704Z",
        "dateReserved": "2025-11-10T19:56:35.266Z",
        "dateUpdated": "2025-11-14T16:52:02.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }