Zoom Workplace

By the Year

In 2025 there have been 8 vulnerabilities in Zoom Workplace, with an average score of 7.0 out of ten. Last year, in 2024, Workplace had 13 security vulnerabilities published. Right now, Workplace is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.65.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 8               | 6.96          |
| 2024 | 13              | 6.32          |

It may take a day or so for new Workplace vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Zoom Workplace Security Vulnerabilities

Zoom Workplace Client <=6.5.9 Inefficient RE Allows Escalation via Network
CVE-2025-62484 8.1 - High - November 13, 2025

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

ReDoS

Zoom Workplace XSS (v <6.5.10) for Windows Allows Remote Integrity Impact
CVE-2025-62482 4.3 - Medium - November 13, 2025

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.

XSS

Zoom Workplace Apps iOS <6.3.0 Authenticated User DoS via Network
CVE-2025-0150 6.5 - Medium - March 11, 2025

Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.

Zoom Workplace App: Unprivileged DoS via Unverified Data
CVE-2025-0149 7.5 - High - March 11, 2025

Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.

Zoom Workplace App Ownership Flaw Enables Info Disclosure
CVE-2024-45426 6.5 - Medium - February 25, 2025

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Zoom Apps Buffer Overflow Escalation via Authenticated Network Access
CVE-2024-45421 8.8 - High - February 25, 2025

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Zoom Workplace Apps: Unauth Data Disclosure via Business Logic Flaw
CVE-2024-45424 7.5 - High - February 25, 2025

Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Zoom Workplace App Privilege Escalation: Info Disclosure via Network
CVE-2024-45425 6.5 - Medium - February 25, 2025

Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Zoom Apps: Improper Input Validation Leading to Denial of Service
CVE-2024-45422 7.5 - High - November 19, 2024

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.

Zoom Apps Uncontrolled Resource Consumption Denial of Service Vulnerability
CVE-2024-45420 6.5 - Medium - November 19, 2024

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Zoom Apps Information Disclosure Vulnerability
CVE-2024-45419 7.5 - High - November 19, 2024

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Zoom Workplace: Authenticated Data Disclosure in Rooms Apps/SDKs
CVE-2024-39822 6.5 - Medium - August 14, 2024

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.

Zoom Workplace SDK Authenticated info disclosure via network
CVE-2024-39818 6.5 - Medium - August 14, 2024

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.

Insufficiently Protected Credentials

Zoom Workplace Apps/SDK Buffer Overflow Enables Authenticated DoS
CVE-2024-42438 6.5 - Medium - August 14, 2024

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Memory Corruption

Zoom Workplace Apps/SDKs/Rooms Clients: Missing Auth Allows Info Disclosure
CVE-2024-39823 4.9 - Medium - August 14, 2024

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

AuthZ

Zoom Workplace Apps/SDKs/Rooms: Missing Auth Enables Info Disclosure
CVE-2024-39824 4.9 - Medium - August 14, 2024

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

AuthZ

Zoom Workplace Apps Client buffer overflow allows privileged escalation via net
CVE-2024-39825 8.5 - High - August 14, 2024

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

Memory Corruption

Zoom Workplace Apps/SDKs Missing Auth Enabling Info Disclosure
CVE-2024-42434 4.9 - Medium - August 14, 2024

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

AuthZ

Zoom Info Disclosure via Network (CVE-2024-42435)
CVE-2024-42435 4.9 - Medium - August 14, 2024

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Zoom Workplace Buffer Overflow Allows Authenticated DoS
CVE-2024-42436 6.5 - Medium - August 14, 2024

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Memory Corruption

Zoom Workplace/Rooms Buffer Overflow: Authenticated DoS via Network
CVE-2024-42437 6.5 - Medium - August 14, 2024

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Memory Corruption
