Zoom Workplace Apps for Windows - Insecure Default Variable Initialization

Bulletin: ZSB-25014
CVEID: CVE-2025-27443
CVSS Severity: Low
CVSS Score: 2.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Description:

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop App for Windows before version 6.3.10
Zoom Rooms Controller for Windows before version 6.4.0
Zoom Rooms Client for Windows before version 6.4.0
Zoom Meeting SDK for Windows before version 6.3.10

Source:

Reported by Zoom Engineering Security.

Revision	Date	Description
1.0	04/08/2025	Initial publication.

Zoom Workplace Apps for Windows - Insecure Default Variable Initialization

Subscribe for updates