Zoom


By the Year

In 2026 there has been 1 vulnerability in Zoom, with an average score of 9.9 out of ten. Last year, in 2025, Zoom had 20 security vulnerabilities published. Right now, Zoom is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 4.08.




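| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1               | 9.90          |
| 2025 | 20              | 5.82          |
| 2024 | 16              | 6.89          |
| 2023 | 39              | 7.31          |
| 2022 | 1               | 6.10          |
| 2021 | 1               | 4.30          |
| 2020 | 2               | 0.00          |
| 2019 | 3               | 0.00          |
| 2018 | 1               | 9.80          |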

It may take a day or so for new Zoom vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Zoom Security Vulnerabilities

Zoom MMR Command Injection RCE before v5.2.1716.0
CVE-2026-22844 9.9 - Critical - January 20, 2026

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

Shell injection

Zoom Client <6.5.10: Info Leak via Improper Sensitive Data Erasure
CVE-2025-62483 5.3 - Medium - November 13, 2025

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.

Improper Removal of Sensitive Information Before Storage or Transfer

Zoom Workplace VDI Plugin macOS Installer Symlink Follow (<=v6.5.10)
CVE-2025-30662 6.6 - Medium - November 13, 2025

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before versions 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

Reliance on File Name or Extension of Externally-Supplied File

Zoom Client Cert Validation Flaw Enables Info Disclosure via Adjacent Access
CVE-2025-30669 4.8 - Medium - November 13, 2025

Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

Improper Certificate Validation

Zoom Workplace Android <=6.5.9 Improper Auth Escalation via Network
CVE-2025-64741 8.1 - High - November 13, 2025

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Injection

Zoom Workplace VDI Client: Installer Crypto Signature Issue (CVE-2025-64740)
CVE-2025-64740 7.5 - High - November 13, 2025

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Improper Verification of Cryptographic Signature

Zoom Client Path Injection Enables Unauth Data Disclosure via Network
CVE-2025-64739 4.3 - Medium - November 13, 2025

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

External Control of File Name or Path

Zoom Workplace <6.5.10: External file name/path control leads to info disclosure
CVE-2025-64738 5 - Medium - November 13, 2025

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.

External Control of File Name or Path

Zoom Rooms Client Auth Bypass <6.5.1: Info Disclosure via Network
CVE-2025-58133 5.3 - Medium - October 15, 2025

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.

Authentication Bypass Using an Alternate Path or Channel

Zoom Windows Client Auth Command Injection via Network Access
CVE-2025-58132 4.1 - Medium - October 15, 2025

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Command Injection

Zoom Workplace Client auth flaw allows integrity impact via network
CVE-2025-58134 4.3 - Medium - September 09, 2025

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.

AuthZ

XSS in Zoom Workplace Clients leading to DoS via Network Access
CVE-2025-49461 4.3 - Medium - September 09, 2025

Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.

XSS

Buffer Overflow in Zoom Client for Windows Enables DoS via Network
CVE-2025-49464 - July 10, 2025

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.

Zoom iOS Client <6.4.5: Control Flow Flaw Exposes Info
CVE-2025-49463 - July 10, 2025

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

XSS in Zoom Client before v6.4.5 discloses info via network access
CVE-2025-49462 - July 10, 2025

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Zoom Workplace Apps TOC/TOU Race Enables Local Escalation of Privilege
CVE-2025-30663 8.8 - High - May 14, 2025

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

TOCTTOU

Zoom Workplace Apps Priv Escal via Improper Special Element Neutralization
CVE-2025-30664 6.6 - Medium - May 14, 2025

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

XSS

Zoom Workplace App: Authenticated User Can Compromise App Integrity via Network
CVE-2025-46786 4.3 - Medium - May 14, 2025

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.

XSS

Zoom Workplace Integer Underflow Lets Auth User DoS via Network
CVE-2025-30668 6.5 - Medium - May 14, 2025

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

Integer underflow

Zoom Workplace Apps UAF Authenticated DoS
CVE-2024-27239 4.3 - Medium - February 25, 2025

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Dangling pointer

Zoom macOS App Pre-6.1.5 Symlink Following in Installer Causing Priv Escalation
CVE-2024-45418 8.8 - High - February 25, 2025

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

Zoom Apps: Improper Input Validation Leading to Denial of Service
CVE-2024-45422 7.5 - High - November 19, 2024

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.

Zoom Apps Uncontrolled Resource Consumption Denial of Service Vulnerability
CVE-2024-45420 6.5 - Medium - November 19, 2024

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Zoom Apps Information Disclosure Vulnerability
CVE-2024-45419 7.5 - High - November 19, 2024

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Zoom Info Disclosure via Network (CVE-2024-42435)
CVE-2024-42435 4.9 - Medium - August 14, 2024

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Zoom Workplace App Race Condition: Authenticated Info Disclosure (CVE-2024-39826)
CVE-2024-39826 6.8 - Medium - July 15, 2024

Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.

TOCTTOU

Zoom Desktop Client XSS before 5.17.10 on Linux
CVE-2024-27242 6.8 - Medium - April 09, 2024

Cross-site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.

Zoom Desktop Client <5.17.10 PrivEsc via Installer on Windows
CVE-2024-24694 7.8 - High - April 09, 2024

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Zoom Desktop Client macOS <5.17.10 Priv Esc via Installer
CVE-2024-27247 6.7 - Medium - April 09, 2024

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.

Zoom Client Improper Auth Allows Privileged Local Info Disclosure
CVE-2024-24698 4.4 - Medium - February 14, 2024

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

Zoom 32-bit Win Client Untrusted Search Path Priv Escalation
CVE-2024-24697 7.8 - High - February 14, 2024

Untrusted search path in some Zoom 32-bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

Untrusted Path

Zoom Authenticated Info Disclosure via Network Access Business Logic Error
CVE-2024-24699 6.5 - Medium - February 14, 2024

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

Zoom Client Info Disclosure via Auth Input Validation (CVE-2024-24696)
CVE-2024-24696 6.5 - Medium - February 14, 2024

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Zoom Desktop & SDK Auth Info Disclosure via Improper Validation
CVE-2024-24695 6.5 - Medium - February 14, 2024

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Zoom Client & SDK Improper Input Validation EoP CVE-2024-24691
CVE-2024-24691 9.8 - Critical - February 14, 2024

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Zoom Client DoS via Improper Input Validation
CVE-2024-24690 6.5 - Medium - February 14, 2024

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Improper Validation of Specified Quantity in Input

Zoom Desktop & SDK Local Priv Esc CVE-2023-49647 (pre-5.16.10)
CVE-2023-49647 7.8 - High - January 12, 2024

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Zoom Mobile App & SDKs v<5.16.0: Privileged User Info Leak
CVE-2023-43583 4.9 - Medium - December 13, 2023

Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.

Zoom iOS Mobile App SDK Improper Access Control before 5.16.5
CVE-2023-43585 6.5 - Medium - December 13, 2023

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.

Zoom Client <=5.16.5 Improper Auth leads to DoS via Network
CVE-2023-49646 6.5 - Medium - December 13, 2023

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Authentication

Zoom Desktop Client Path Trv Auth Escalation via Net Access
CVE-2023-43586 8.8 - High - December 13, 2023

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Directory traversal

Zoom Client Info Disclosure via Insufficient Control Flow (Auth)
CVE-2023-43588 6.5 - Medium - November 15, 2023

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Zoom Client: Improper Auth Allows Priv Escalation via Net Access
CVE-2023-43582 8.8 - High - November 15, 2023

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

Authentication

Zoom Client DoS via Improper Team Chat Context Check
CVE-2023-39205 6.5 - Medium - November 14, 2023

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Improper Check for Unusual or Exceptional Conditions

Zoom In-Meeting Chat Crypto Flaw Enables Info Disclosure
CVE-2023-39199 6.5 - Medium - November 14, 2023

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Uncontrolled Resource Consumption in Zoom Team Chat (Desktop/VDI)
CVE-2023-39203 7.5 - High - November 14, 2023

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.

Zoom Client DoS via Buffer Overflow
CVE-2023-39204 7.5 - High - November 14, 2023

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Classic Buffer Overflow

Zoom Client Buffer Overflow (BOF) Enables DoS via Network
CVE-2023-39206 7.5 - High - November 14, 2023

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Classic Buffer Overflow

Zoom Desktop Client Linux <5.15.10 DOS via Unauthenticated Network Access
CVE-2023-39208 7.5 - High - September 12, 2023

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

Improper Input Validation

Zoom Client: Improper Auth Permits Authenticated DoS via Network Access
CVE-2023-39215 6.5 - Medium - September 12, 2023

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Authentication
