CVE-2025-58135

Published Sep 9, 2025

Last updated 5 months ago

CVSS medium 5.3

Overview

Description
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
Source
security@zoom.us
NVD status
Analyzed
Products
meeting_software_development_kit, rooms, rooms_controller, workplace_desktop, workplace_virtual_desktop_infrastructure

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security@zoom.us
CWE-837

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.CVE-2025-67461
  2. Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.CVE-2025-67460
  3. Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.CVE-2025-62484
  4. Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.CVE-2025-64741
  5. External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-64739

References

Sources include official advisories and independent security research.