CVE-2025-62484

Published Nov 13, 2025

Last updated 3 months ago

CVSS high 8.1

Overview

Description
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
Source
security@zoom.us
NVD status
Analyzed
Products
meeting_software_development_kit, workplace

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@zoom.us
CWE-1333

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades en productos Zoom ❗CVE-2025-62484 ❗CVE-2025-64741 ❗CVE-2025-64740 ➡️Más info: https://t.co/h5m2HMROQ2 https://t.co/f9IPEtac4V

    @CERTpy

    14 Nov 2025

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.CVE-2025-64741
  2. External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-64739
  3. External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.CVE-2025-64738
  4. Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-62483
  5. Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.CVE-2025-62482

References

Sources include official advisories and independent security research.