Zoom Meeting Software Development Kit vulnerabilities
84 known vulnerabilities affecting zoom/meeting_software_development_kit.
Total CVEs: 84
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 27, MEDIUM 53
Vulnerabilities
Page 2 of 5
CVE-2024-45422 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 6.2.0 | 2024-11-19
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
Source: NVD
CVE-2026-30900 | P3 | HIGH | CVSS 7.8 | CWE-754 | ≥ 6.6.0, < 6.6.11 | 2026-03-11
Improper check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Source: NVD
CVE-2023-39214 | P3 | HIGH | CVSS 8.1 | CWE-749 | fixed in 5.15.5 | 2023-08-08
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
Source: NVD
CVE-2024-27241 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 6.0.0 | 2024-07-15
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
Source: NVD
CVE-2024-24697 | P3 | HIGH | CVSS 7.8 | CWE-426 | fixed in 5.17.0 | 2024-02-14
Untrusted search path in some Zoom 32-bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
Source: NVD
CVE-2023-49647 | P3 | HIGH | CVSS 7.8 | CWE-266 | fixed in 5.16.10 | 2024-01-12
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
Source: NVD
CVE-2025-0149 | P3 | HIGH | CVSS 7.5 | CWE-345 | fixed in 6.3.0 | 2025-03-11
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
Source: NVD
CVE-2025-0144 | P3 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 6.2.5 | 2025-01-30
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
Source: NVD
CVE-2025-0145 | P3 | HIGH | CVSS 7.8 | CWE-426 | fixed in 6.2.5 | 2025-01-30
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
Source: NVD
CVE-2023-43585 | P3 | MEDIUM | CVSS 6.5 | CWE-449 | fixed in 5.16.0, fixed in 5.16.5 | 2023-12-13
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
Source: NVD
CVE-2024-45425 | P3 | MEDIUM | CVSS 6.5 | CWE-286 | fixed in 6.1.0 | 2025-02-25
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
Source: NVD
CVE-2025-58135 | P3 | MEDIUM | CVSS 6.5 | CWE-837 | fixed in 6.5.0 | 2025-09-09
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
Source: NVD
CVE-2025-30664 | P4 | HIGH | CVSS 8.2 | CWE-79 | fixed in 6.4.0 | 2025-05-14
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
Source: NVD
CVE-2025-49461 | P4 | HIGH | CVSS 7.4 | CWE-79 | fixed in 6.5.0 | 2025-09-09
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Source: NVD
CVE-2024-39819 | P4 | HIGH | CVSS 7.3 | CWE-494 | fixed in 6.0.10 | 2024-07-15
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.
Source: NVD
CVE-2024-24696 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 5.17.0 | 2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Source: NVD
CVE-2024-24695 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 5.16.5 | 2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Source: NVD
CVE-2024-45426 | P4 | MEDIUM | CVSS 6.5 | CWE-708 | fixed in 6.1.0 | 2025-02-25
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
Source: NVD
CVE-2024-24690 | P4 | MEDIUM | CVSS 6.5 | CWE-1284 | fixed in 5.16.5 | 2024-02-14
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Source: NVD
CVE-2024-39822 | P4 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 6.0.12 | 2024-08-14
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
Source: NVD