Zoom Video Software Development Kit

Zoom Apps Buffer Overflow Escalation via Authenticated Network Access
CVE-2024-45421 8.8 - High - February 25, 2025

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Uncontrolled Res Consumption in Zoom App Installer (<6.1.5) on macOS
CVE-2024-45417 5.5 - Medium - February 25, 2025

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.

Zoom macOS App Pre-6.1.5 Symlink Following in Installer Causing Priv Escalation
CVE-2024-45418 8.8 - High - February 25, 2025

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

OOB Write in Zoom Workplace App <=6.2.5 (Linux) - DoS
CVE-2025-0143 6.5 - Medium - January 30, 2025

Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.

Zoom Workplace App macOS <6.2.10 Symlink Following in Installer Local DOS
CVE-2025-0146 5 - Medium - January 30, 2025

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.

Zoom Workplace App (Linux) v<6.2.10 - EoP via Net Type Confusion
CVE-2025-0147 9.8 - Critical - January 30, 2025

Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.

Zoom Apps Information Disclosure Vulnerability
CVE-2024-45419 7.5 - High - November 19, 2024

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Zoom Apps Uncontrolled Resource Consumption Denial of Service Vulnerability
CVE-2024-45420 6.5 - Medium - November 19, 2024

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Zoom Apps: Improper Input Validation Leading to Denial of Service
CVE-2024-45422 7.5 - High - November 19, 2024

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.

Zoom Client DoS via Improper Input Validation
CVE-2024-24690 6.5 - Medium - February 14, 2024

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Improper Validation of Specified Quantity in Input

Zoom Desktop & SDK Local Priv Esc CVE-2023-49647 (pre-5.16.10)
CVE-2023-49647 7.8 - High - January 12, 2024

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Zoom Mobile App & SDKs v<5.16.0: Privileged User Info Leak
CVE-2023-43583 4.9 - Medium - December 13, 2023

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.

Zoom iOS Mobile App SDK Improper Access Control before 5.16.5
CVE-2023-43585 6.5 - Medium - December 13, 2023

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.

Zoom Client <=5.16.5 Improper Auth leads to DoS via Network
CVE-2023-49646 6.5 - Medium - December 13, 2023

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

authentification

Zoom Desktop Client Path Trv Auth Escalation via Net Access
CVE-2023-43586 8.8 - High - December 13, 2023

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Directory traversal

Zoom Client DoS via Buffer Overflow
CVE-2023-39204 7.5 - High - November 14, 2023

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Classic Buffer Overflow

Zoom Client DoS via Improper Team Chat Context Check
CVE-2023-39205 6.5 - Medium - November 14, 2023

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Improper Check for Unusual or Exceptional Conditions

Zoom Client Buffer Overflow (BOF) Enables DoS via Network
CVE-2023-39206 7.5 - High - November 14, 2023

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Classic Buffer Overflow

Zoom SDK <5.14.10 Improper Input Validation Enables Unauth DoS
CVE-2023-39217 7.5 - High - August 08, 2023

Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.

Uncontrolled Resource Consumption in Zoom SDKs <=5.14.6 Enables Network DoS
CVE-2023-36533 7.5 - High - August 08, 2023

Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.

Zoom Client Info Disclosure via Improper Encryption Handling
CVE-2023-36539 7.5 - High - June 30, 2023

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Inadequate Encryption Strength