Zoom Rooms vulnerabilities
107 known vulnerabilities affecting zoom/rooms.
Total CVEs: 107
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 56, MEDIUM 49, LOW 1
Vulnerabilities
Page 1 of 6
CVE-2024-24691 | P3 | CRITICAL | CVSS 9.8 | CWE-176 | fixed in 5.17.0 | 2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2024-45421 | P3 | HIGH | CVSS 8.8 | CWE-122 | fixed in 6.2.0 | 2025-02-25
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2025-27440 | P3 | HIGH | CVSS 8.8 | CWE-124 | fixed in 6.3.0 | 2025-03-11
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2025-27439 | P3 | HIGH | CVSS 8.8 | CWE-124 | fixed in 6.3.0 | 2025-03-11
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2025-58133 | P3 | HIGH | CVSS 7.5 | CWE-288 | fixed in 6.5.1 | 2025-10-15
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd
CVE-2025-49457 | P3 | HIGH | CVSS 8.8 | CWE-426 | fixed in 6.3.10 | 2025-08-12
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2024-39825 | P3 | HIGH | CVSS 8.5 | CWE-122 | fixed in 6.0.0 | 2024-08-14
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2024-45418 | P3 | HIGH | CVSS 8.8 | CWE-61 | fixed in 6.1.5 | 2025-02-25
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2023-34121 | P3 | HIGH | CVSS 8.8 | CWE-79 | fixed in 5.14.0 | 2023-06-13
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
nvd
CVE-2023-43582 | P3 | HIGH | CVSS 8.8 | CWE-939 | fixed in 5.16.0 | 2023-11-15
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
nvd
CVE-2025-0151 | P3 | HIGH | CVSS 8.8 | CWE-416 | fixed in 6.3.0 | 2025-03-11
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
nvd
CVE-2025-64739 | P3 | HIGH | CVSS 7.5 | CWE-73 | fixed in 6.5.10 | 2025-11-13
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd
CVE-2022-22786 | P3 | HIGH | CVSS 8.8 | CWE-494 | fixed in 5.10.0 | 2022-05-18
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
nvd
CVE-2025-58132 | P3 | MEDIUM | CVSS 6.5 | CWE-77 | fixed in 6.5.5 | 2025-10-15
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
nvd
CVE-2024-45419 | P3 | HIGH | CVSS 7.5 | CWE-252 | fixed in 6.2.0 | 2024-11-19
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd
CVE-2024-45424 | P3 | HIGH | CVSS 7.5 | CWE-840 | fixed in 6.1.0 | 2025-02-25
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd
CVE-2025-62483 | P3 | HIGH | CVSS 7.5 | CWE-212 | fixed in 6.5.10 | 2025-11-13
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd
CVE-2025-67460 | P3 | HIGH | CVSS 7.8 | CWE-693 | fixed in 6.6.0 | 2025-12-10
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2023-28597 | P3 | HIGH | CVSS 7.5 | CWE-501 | fixed in 5.13.5 | 2023-03-27
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the cl
nvd
CVE-2023-36532 | P3 | HIGH | CVSS 7.5 | CWE-122 | fixed in 5.14.5 | 2023-08-08
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
nvd