Zoom
Products by Zoom Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 6 vulnerabilities in Zoom with an average score of 7.3 out of ten. Last year, in 2024, Zoom had 26 security vulnerabilities published. Right now, Zoom is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.90.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 6 | 7.27 |
2024 | 26 | 6.37 |
2023 | 62 | 7.21 |
2022 | 28 | 7.34 |
2021 | 19 | 7.64 |
2020 | 8 | 7.54 |
2019 | 3 | 7.27 |
2018 | 1 | 9.80 |
It may take a day or so for new Zoom vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Zoom Security Vulnerabilities
Buffer overflow in some Zoom Apps may
CVE-2024-45421
8.8 - High
- February 25, 2025
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Business logic error in some Zoom Workplace Apps may
CVE-2024-45424
7.5 - High
- February 25, 2025
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
Incorrect user management in some Zoom Workplace Apps may
CVE-2024-45425
6.5 - Medium
- February 25, 2025
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
Incorrect ownership assignment in some Zoom Workplace Apps may
CVE-2024-45426
6.5 - Medium
- February 25, 2025
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may
CVE-2024-45417
5.5 - Medium
- February 25, 2025
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may
CVE-2024-45418
8.8 - High
- February 25, 2025
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
Zoom Apps Information Disclosure Vulnerability
CVE-2024-45419
- November 19, 2024
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
Zoom Apps Uncontrolled Resource Consumption Denial of Service Vulnerability
CVE-2024-45420
- November 19, 2024
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
Zoom Apps: Improper Input Validation Leading to Denial of Service
CVE-2024-45422
- November 19, 2024
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
Protection mechanism failure for some Zoom Workplace Apps and SDKs may
CVE-2024-39818
6.5 - Medium
- August 14, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
Insufficiently Protected Credentials
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-39822
6.5 - Medium
- August 14, 2024
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-39823
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-39824
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may
CVE-2024-39825
8.5 - High
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
Memory Corruption
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42434
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42435
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42436
6.5 - Medium
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Memory Corruption
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42437
6.5 - Medium
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Memory Corruption
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42438
6.5 - Medium
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Memory Corruption
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may
CVE-2024-42439
6.5 - Medium
- August 14, 2024
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
Untrusted Path
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may
CVE-2024-42440
6.7 - Medium
- August 14, 2024
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may
CVE-2024-42441
6.7 - Medium
- August 14, 2024
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may
CVE-2024-24693
5.5 - Medium
- March 13, 2024
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may
CVE-2024-24692
4.7 - Medium
- March 13, 2024
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
TOCTTOU
Improper input validation in some Zoom clients may
CVE-2024-24690
6.5 - Medium
- February 14, 2024
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Improper Validation of Specified Quantity in Input
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may
CVE-2024-24691
9.8 - Critical
- February 14, 2024
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may
CVE-2024-24695
6.5 - Medium
- February 14, 2024
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may
CVE-2024-24696
6.5 - Medium
- February 14, 2024
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Untrusted search path in some Zoom 32-bit Windows clients may
CVE-2024-24697
7.8 - High
- February 14, 2024
Untrusted search path in some Zoom 32-bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
Untrusted Path
Improper authentication in some Zoom clients may
CVE-2024-24698
4.4 - Medium
- February 14, 2024
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
Business logic error in some Zoom clients may
CVE-2024-24699
6.5 - Medium
- February 14, 2024
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may
CVE-2023-49647
7.8 - High
- January 12, 2024
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may
CVE-2023-43586
8.8 - High
- December 13, 2023
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Directory traversal
Improper authentication in some Zoom clients before version 5.16.5 may
CVE-2023-49646
6.5 - Medium
- December 13, 2023
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
authentication
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may
CVE-2023-43585
6.5 - Medium
- December 13, 2023
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may
CVE-2023-43583
4.9 - Medium
- December 13, 2023
Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
Insufficient control flow management in some Zoom clients may
CVE-2023-43588
6.5 - Medium
- November 15, 2023
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
Improper authorization in some Zoom clients may
CVE-2023-43582
8.8 - High
- November 15, 2023
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
authentication
Link following in Zoom Rooms for macOS before version 5.16.0 may
CVE-2023-43590
7.8 - High
- November 15, 2023
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
insecure temporary file
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may
CVE-2023-43591
7.8 - High
- November 15, 2023
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Buffer overflow in some Zoom clients may
CVE-2023-39204
7.5 - High
- November 14, 2023
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Classic Buffer Overflow
Buffer overflow in some Zoom clients may
CVE-2023-39206
7.5 - High
- November 14, 2023
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Classic Buffer Overflow
Improper conditions check in Zoom Team Chat for Zoom clients may
CVE-2023-39205
6.5 - Medium
- November 14, 2023
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Improper Check for Unusual or Exceptional Conditions
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may
CVE-2023-39202
5.5 - Medium
- November 14, 2023
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
Untrusted Path
Cryptographic issues with In-Meeting Chat for some Zoom clients may
CVE-2023-39199
6.5 - Medium
- November 14, 2023
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may
CVE-2023-39203
7.5 - High
- November 14, 2023
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.
Improper authentication in Zoom clients may
CVE-2023-39215
6.5 - Medium
- September 12, 2023
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
authentication
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may
CVE-2023-39208
7.5 - High
- September 12, 2023
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.
Improper Input Validation
Untrusted search path in CleanZoom before file date 07/24/2023 may
CVE-2023-39201
6.7 - Medium
- September 12, 2023
Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.
Untrusted Path
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may
CVE-2023-39214
8.1 - High
- August 08, 2023
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
Exposure of Resource to Wrong Sphere