cbcvebase.

Zoom Workplace Desktop vulnerabilities

73 known vulnerabilities affecting zoom/workplace_desktop.

Total CVEs
73
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH23MEDIUM47

Vulnerabilities

Page 2 of 4
CVE-2025-0149P3HIGHCVSS 7.5fixed in 6.3.02025-03-11
CVE-2025-0149 [HIGH] CWE-345 CVE-2025-0149: Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
nvd
CVE-2025-0144P3MEDIUMCVSS 6.5fixed in 6.2.52025-01-30
CVE-2025-0144 [MEDIUM] CWE-787 CVE-2025-0144: Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of in Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
nvd
CVE-2025-0145P3HIGHCVSS 7.8fixed in 6.2.52025-01-30
CVE-2025-0145 [HIGH] CWE-426 CVE-2025-0145: Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authori Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
nvd
CVE-2024-27240P3HIGHCVSS 7.8fixed in 6.0.02024-07-15
CVE-2024-27240 [HIGH] CWE-20 CVE-2024-27240: Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.
nvd
CVE-2024-39818P3MEDIUMCVSS 6.5fixed in 6.0.02024-08-14
CVE-2024-39818 [MEDIUM] CWE-522 CVE-2024-39818: Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user t Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
nvd
CVE-2024-45425P3MEDIUMCVSS 6.5fixed in 6.1.02025-02-25
CVE-2024-45425 [MEDIUM] CWE-286 CVE-2024-45425: Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an info Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
nvd
CVE-2025-58135P3MEDIUMCVSS 6.5fixed in 6.5.02025-09-09
CVE-2025-58135 [MEDIUM] CWE-837 CVE-2025-58135: Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticat Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
nvd
CVE-2025-30664P4HIGHCVSS 8.2fixed in 6.4.02025-05-14
CVE-2025-30664 [HIGH] CWE-79 CVE-2025-30664: Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escal Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
nvd
CVE-2025-49461P4HIGHCVSS 7.4fixed in 6.5.02025-09-09
CVE-2025-49461 [HIGH] CWE-79 CVE-2025-49461: Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
nvd
CVE-2024-39819P4HIGHCVSS 7.3fixed in 6.0.102024-07-15
CVE-2024-39819 [HIGH] CWE-494 CVE-2024-39819: Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an auth Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.
nvd
CVE-2024-45426P4MEDIUMCVSS 6.5fixed in 6.1.02025-02-25
CVE-2024-45426 [MEDIUM] CWE-708 CVE-2024-45426: Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
nvd
CVE-2024-39822P4MEDIUMCVSS 6.5fixed in 6.0.122024-08-14
CVE-2024-39822 [MEDIUM] CWE-200 CVE-2024-39822: Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controlle Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
nvd
CVE-2024-27246P4MEDIUMCVSS 6.5fixed in 5.17.112025-02-25
CVE-2024-27246 [MEDIUM] CWE-416 CVE-2024-27246: Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a den Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-27239P4MEDIUMCVSS 6.5fixed in 5.17.112025-02-25
CVE-2024-27239 [MEDIUM] CWE-416 CVE-2024-27239: Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a den Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-39826P4MEDIUMCVSS 6.8fixed in 6.0.02024-07-15
CVE-2024-39826 [MEDIUM] CWE-367 CVE-2024-39826: Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authentic Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.
nvd
CVE-2024-27245P4MEDIUMCVSS 6.5fixed in 5.17.112025-02-25
CVE-2024-27245 [MEDIUM] CWE-122 CVE-2024-27245: Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a de Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-42437P4MEDIUMCVSS 6.5fixed in 6.1.02024-08-14
CVE-2024-42437 [MEDIUM] CWE-122 CVE-2024-42437: Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-42436P4MEDIUMCVSS 6.5fixed in 6.1.02024-08-14
CVE-2024-42436 [MEDIUM] CWE-122 CVE-2024-42436: Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2024-42438P4MEDIUMCVSS 6.5fixed in 6.1.02024-08-14
CVE-2024-42438 [MEDIUM] CWE-122 CVE-2024-42438: Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2025-46785P4MEDIUMCVSS 6.5fixed in 6.4.02025-05-14
CVE-2025-46785 [MEDIUM] CWE-120 CVE-2025-46785: Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
nvd
Zoom Workplace Desktop vulnerabilities | cvebase