Zoom Rooms vulnerabilities
107 known vulnerabilities affecting zoom/rooms.
Total CVEs
107
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH56MEDIUM49LOW1
Vulnerabilities
Page 3 of 6
CVE-2023-34119P3HIGHCVSS 7.8fixed in 5.15.02023-07-11
CVE-2023-34119 [HIGH] CWE-426 CVE-2023-34119: Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2023-43591P3HIGHCVSS 7.8fixed in 5.16.02023-11-15
CVE-2023-43591 [HIGH] CWE-280 CVE-2023-43591: Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authentica
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2025-0149P3HIGHCVSS 7.5fixed in 6.3.02025-03-11
CVE-2025-0149 [HIGH] CWE-345 CVE-2025-0149: Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
nvd
CVE-2025-0144P3MEDIUMCVSS 6.5fixed in 6.2.52025-01-30
CVE-2025-0144 [MEDIUM] CWE-787 CVE-2025-0144: Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of in
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
nvd
CVE-2023-43590P3HIGHCVSS 7.8fixed in 5.16.02023-11-15
CVE-2023-43590 [HIGH] CWE-59 CVE-2023-43590: Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to con
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2025-0145P3HIGHCVSS 7.8fixed in 6.2.52025-01-30
CVE-2025-0145 [HIGH] CWE-426 CVE-2025-0145: Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authori
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
nvd
CVE-2021-34411P3HIGHCVSS 7.8fixed in 5.3.02021-09-27
CVE-2021-34411 [HIGH] CWE-269 CVE-2021-34411: During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 i
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
nvd
CVE-2023-36536P3HIGHCVSS 7.8fixed in 5.15.02023-07-11
CVE-2023-36536 [HIGH] CWE-426 CVE-2023-36536: Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow a
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2023-36538P3HIGHCVSS 7.8fixed in 5.15.02023-07-11
CVE-2023-36538 [HIGH] CWE-426 CVE-2023-36538: Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated u
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2023-34118P3HIGHCVSS 7.8fixed in 5.14.52023-07-11
CVE-2023-34118 [HIGH] CWE-250 CVE-2023-34118: Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authentic
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2023-36537P3HIGHCVSS 7.8fixed in 5.14.52023-07-11
CVE-2023-36537 [HIGH] CWE-354 CVE-2023-36537: Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authentic
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
nvd
CVE-2022-28766P3HIGHCVSS 7.3fixed in 5.12.62022-11-17
CVE-2022-28766 [HIGH] CWE-94 CVE-2022-28766: Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
nvd
CVE-2022-36925P3HIGHCVSS 7.8fixed in 5.11.42023-01-09
CVE-2022-36925 [HIGH] CWE-321 CVE-2022-36925: Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to ex
nvd
CVE-2023-36539P3HIGHCVSS 7.5v5.15.02023-06-30
CVE-2023-36539 [HIGH] CWE-200 CVE-2023-36539: Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sens
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
nvd
CVE-2024-24699P3MEDIUMCVSS 6.5fixed in 5.17.02024-02-14
CVE-2024-24699 [MEDIUM] CVE-2024-24699: Business logic error in some Zoom clients may allow an authenticated user to conduct information dis
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
nvd
CVE-2024-27240P3HIGHCVSS 7.8fixed in 6.0.02024-07-15
CVE-2024-27240 [HIGH] CWE-20 CVE-2024-27240: Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.
nvd
CVE-2023-36535P3MEDIUMCVSS 6.5fixed in 5.14.102023-08-08
CVE-2023-36535 [MEDIUM] CWE-449 CVE-2023-36535: Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenti
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
nvd
CVE-2024-39818P3MEDIUMCVSS 6.5fixed in 6.0.02024-08-14
CVE-2024-39818 [MEDIUM] CWE-522 CVE-2024-39818: Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user t
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
nvd
CVE-2024-45425P3MEDIUMCVSS 6.5fixed in 6.1.02025-02-25
CVE-2024-45425 [MEDIUM] CWE-286 CVE-2024-45425: Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an info
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
nvd
CVE-2025-58135P3MEDIUMCVSS 6.5fixed in 6.5.02025-09-09
CVE-2025-58135 [MEDIUM] CWE-837 CVE-2025-58135: Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticat
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd