Zoom iOS Client <6.4.5: Control Flow Flaw Exposes Info
CVE-2025-49463 Published on July 10, 2025

Zoom Clients for iOS - Insufficient Control Flow Management
Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

NVD

Vulnerability Analysis

CVE-2025-49463 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.


Products Associated with CVE-2025-49463

Want to know whenever a new CVE is published for Zoom? stack.watch will email you.

Zoom
 

Affected Versions

Zoom Communications Inc. Zoom Clients for iOS:

Exploit Probability

EPSS
0.04%
Percentile
12.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.