cbcvebase.

Zoom Rooms vulnerabilities

107 known vulnerabilities affecting zoom/rooms.

Total CVEs
107
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH56MEDIUM49LOW1

Vulnerabilities

Page 2 of 6
CVE-2023-39206P3HIGHCVSS 7.5fixed in 5.16.02023-11-14
CVE-2023-39206 [HIGH] CWE-120 CVE-2023-39206: Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of servic Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2023-39204P3HIGHCVSS 7.5fixed in 5.15.102023-11-14
CVE-2023-39204 [HIGH] CWE-120 CVE-2023-39204: Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of servic Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2025-49460P3HIGHCVSS 7.5fixed in 6.5.02025-09-09
CVE-2025-49460 [HIGH] CWE-400 CVE-2025-49460: Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated use Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2026-30902P3HIGHCVSS 7.8fixed in 6.6.02026-03-11
CVE-2026-30902 [HIGH] CWE-269 CVE-2026-30902: Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2024-45422P3HIGHCVSS 7.5fixed in 6.2.02024-11-19
CVE-2024-45422 [HIGH] CWE-20 CVE-2024-45422: Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user t Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2022-22788P3HIGHCVSS 7.8fixed in 5.10.32022-06-15
CVE-2022-22788 [HIGH] CWE-427 CVE-2022-22788: The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to j The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack.
nvd
CVE-2022-36930P3HIGHCVSS 7.8fixed in 5.13.02023-01-09
CVE-2022-36930 [HIGH] CWE-427 CVE-2022-36930: Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnera Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
nvd
CVE-2022-36926P3HIGHCVSS 7.8fixed in 5.11.32023-01-09
CVE-2022-36926 [HIGH] CWE-78 CVE-2022-36926: Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
nvd
CVE-2023-22880P3HIGHCVSS 7.5fixed in 5.13.32023-03-16
CVE-2023-22880 [HIGH] CWE-200 CVE-2023-22880: Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead
nvd
CVE-2021-34409P3HIGHCVSS 7.8fixed in 5.1.02021-09-27
CVE-2021-34409 [HIGH] CWE-732 CVE-2021-34409: It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In th
nvd
CVE-2026-30901P3HIGHCVSS 7.8fixed in 6.6.52026-03-11
CVE-2026-30901 [HIGH] CWE-20 CVE-2026-30901: Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenti Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2023-39214P3HIGHCVSS 8.1fixed in 5.15.52023-08-08
CVE-2023-39214 [HIGH] CWE-749 CVE-2023-39214: Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
nvd
CVE-2022-36929P3HIGHCVSS 7.8fixed in 5.12.72023-01-09
CVE-2022-36929 [HIGH] CWE-367 CVE-2022-36929: The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerabi The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
nvd
CVE-2022-36924P3HIGHCVSS 7.8fixed in 5.12.62022-11-17
CVE-2022-36924 [HIGH] CWE-427 CVE-2022-36924: The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerabi The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
nvd
CVE-2022-36927P3HIGHCVSS 7.8fixed in 5.11.32023-01-09
CVE-2022-36927 [HIGH] CWE-367 CVE-2022-36927: Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
nvd
CVE-2022-28752P3HIGHCVSS 7.8fixed in 5.11.02022-08-17
CVE-2022-28752 [HIGH] CWE-347 CVE-2022-28752: Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privil Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
nvd
CVE-2026-30906P3HIGHCVSS 7.8fixed in 7.0.02026-05-13
CVE-2026-30906 [HIGH] CWE-426 CVE-2026-30906: Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2024-27241P3HIGHCVSS 7.5fixed in 6.0.02024-07-15
CVE-2024-27241 [HIGH] CWE-20 CVE-2024-27241: Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a de Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-24697P3HIGHCVSS 7.8fixed in 5.17.02024-02-14
CVE-2024-24697 [HIGH] CWE-426 CVE-2024-24697: Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2023-39211P3HIGHCVSS 7.8fixed in 5.15.52023-08-08
CVE-2023-39211 [HIGH] CWE-347 CVE-2023-39211: Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5 Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
nvd
Zoom Rooms vulnerabilities | cvebase