Threat Advisory

Zoom Addresses Buffer Overflow, XSS, and Authorization Security Vulnerability

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

  • CVE-2025-49459: Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access with CVSS 7.3.
  • CVE-2025-58135: Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access with CVSS 5.3.
  • CVE-2025-58134: Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access with CVSS 4.3.
  • CVE-2025-49458: Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access with CVSS 6.5.
  • CVE-2025-49460: Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access with CVSS 4.3.
  • CVE-2025-49461: Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access with CVSS 4.3.
  • CVE-2025-58131: A race condition has been identified in the Zoom Workplace VDI Plugin for VMware Horizon on macOS, affecting versions prior to 6.4.10, and also prior versions 6.2.15 and 6.3.12 with CVSS 6.6.

RECOMMENDATION:
