Zoom Rooms vulnerabilities
107 known vulnerabilities affecting zoom/rooms.
Total CVEs: 107
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 56, MEDIUM 49, LOW 1
Vulnerabilities
Page 4 of 6
CVE-2025-30664 | P4 | HIGH | CVSS 8.2 | CWE-79 | fixed in 6.4.0 | 2025-05-14
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2025-49461 | P4 | HIGH | CVSS 7.4 | CWE-79 | fixed in 6.5.0 | 2025-09-09
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2024-39819 | P4 | HIGH | CVSS 7.3 | CWE-494 | fixed in 5.17.13 | 2024-07-15
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.
nvd
CVE-2024-45426 | P4 | MEDIUM | CVSS 6.5 | CWE-708 | fixed in 6.1.0 | 2025-02-25
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
nvd
CVE-2023-39199 | P4 | MEDIUM | CVSS 6.5 | CWE-325 | fixed in 5.16.0 | 2023-11-14
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
nvd
CVE-2024-24690 | P4 | MEDIUM | CVSS 6.5 | CWE-1284 | fixed in 5.17.0 | 2024-02-14
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-39822 | P4 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 6.1.0 | 2024-08-14
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
nvd
CVE-2024-27246 | P4 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 6.0.0 | 2025-02-25
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-27239 | P4 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 6.0.0 | 2025-02-25
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-27245 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | fixed in 6.0.0 | 2025-02-25
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-42437 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | fixed in 6.1.0 | 2024-08-14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-42436 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | fixed in 6.1.0 | 2024-08-14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-42438 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | fixed in 6.1.0 | 2024-08-14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2025-46785 | P4 | MEDIUM | CVSS 6.5 | CWE-120 | fixed in 6.4.0 | 2025-05-14
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-45420 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 6.2.0 | 2024-11-19
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2025-49458 | P4 | MEDIUM | CVSS 6.5 | CWE-120 | fixed in 6.5.0 | 2025-09-09
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2025-30663 | P4 | HIGH | CVSS 7.0 | CWE-367 | fixed in 6.4.0 | 2025-05-14
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2025-30668 | P4 | MEDIUM | CVSS 6.5 | CWE-191 | fixed in 6.4.0 | 2025-05-14
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2025-30666 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.4.0 | 2025-05-14
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2025-30667 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.4.0 | 2025-05-14
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
nvd