Zoom Rooms vulnerabilities
107 known vulnerabilities affecting zoom/rooms.
Total CVEs
107
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH56MEDIUM49LOW1
Vulnerabilities
Page 2 of 6
CVE-2023-39206P3HIGHCVSS 7.5fixed in 5.16.02023-11-14
CVE-2023-39206 [HIGH] CWE-120 CVE-2023-39206: Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of servic
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2023-39204P3HIGHCVSS 7.5fixed in 5.15.102023-11-14
CVE-2023-39204 [HIGH] CWE-120 CVE-2023-39204: Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of servic
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2025-49460P3HIGHCVSS 7.5fixed in 6.5.02025-09-09
CVE-2025-49460 [HIGH] CWE-400 CVE-2025-49460: Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated use
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2026-30902P3HIGHCVSS 7.8fixed in 6.6.02026-03-11
CVE-2026-30902 [HIGH] CWE-269 CVE-2026-30902: Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2024-45422P3HIGHCVSS 7.5fixed in 6.2.02024-11-19
CVE-2024-45422 [HIGH] CWE-20 CVE-2024-45422: Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user t
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2022-22788P3HIGHCVSS 7.8fixed in 5.10.32022-06-15
CVE-2022-22788 [HIGH] CWE-427 CVE-2022-22788: The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to j
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack.
nvd
CVE-2022-36930P3HIGHCVSS 7.8fixed in 5.13.02023-01-09
CVE-2022-36930 [HIGH] CWE-427 CVE-2022-36930: Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnera
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
nvd
CVE-2022-36926P3HIGHCVSS 7.8fixed in 5.11.32023-01-09
CVE-2022-36926 [HIGH] CWE-78 CVE-2022-36926: Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
nvd
CVE-2023-22880P3HIGHCVSS 7.5fixed in 5.13.32023-03-16
CVE-2023-22880 [HIGH] CWE-200 CVE-2023-22880: Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead
nvd
CVE-2021-34409P3HIGHCVSS 7.8fixed in 5.1.02021-09-27
CVE-2021-34409 [HIGH] CWE-732 CVE-2021-34409: It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In th
nvd
CVE-2026-30901P3HIGHCVSS 7.8fixed in 6.6.52026-03-11
CVE-2026-30901 [HIGH] CWE-20 CVE-2026-30901: Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenti
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2023-39214P3HIGHCVSS 8.1fixed in 5.15.52023-08-08
CVE-2023-39214 [HIGH] CWE-749 CVE-2023-39214: Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
nvd
CVE-2022-36929P3HIGHCVSS 7.8fixed in 5.12.72023-01-09
CVE-2022-36929 [HIGH] CWE-367 CVE-2022-36929: The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerabi
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
nvd
CVE-2022-36924P3HIGHCVSS 7.8fixed in 5.12.62022-11-17
CVE-2022-36924 [HIGH] CWE-427 CVE-2022-36924: The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerabi
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
nvd
CVE-2022-36927P3HIGHCVSS 7.8fixed in 5.11.32023-01-09
CVE-2022-36927 [HIGH] CWE-367 CVE-2022-36927: Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
nvd
CVE-2022-28752P3HIGHCVSS 7.8fixed in 5.11.02022-08-17
CVE-2022-28752 [HIGH] CWE-347 CVE-2022-28752: Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privil
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
nvd
CVE-2026-30906P3HIGHCVSS 7.8fixed in 7.0.02026-05-13
CVE-2026-30906 [HIGH] CWE-426 CVE-2026-30906: Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2024-27241P3HIGHCVSS 7.5fixed in 6.0.02024-07-15
CVE-2024-27241 [HIGH] CWE-20 CVE-2024-27241: Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a de
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-24697P3HIGHCVSS 7.8fixed in 5.17.02024-02-14
CVE-2024-24697 [HIGH] CWE-426 CVE-2024-24697: Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2023-39211P3HIGHCVSS 7.8fixed in 5.15.52023-08-08
CVE-2023-39211 [HIGH] CWE-347 CVE-2023-39211: Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
nvd