Zoom Workplace App Privilege Escalation: Info Disclosure via Network
CVE-2024-45425 Published on February 25, 2025
Zoom Workplace Apps - Incorrect User Management
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
Vulnerability Analysis
CVE-2024-45425 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Incorrect User Management
The software does not properly manage a user within its environment. Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.
Products Associated with CVE-2024-45425
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-45425 are published in these products:
Affected Versions
Zoom Communications, Inc Zoom Workplace Apps Version See references is affected by CVE-2024-45425Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.