Zoom Clients for iOS - Insufficient Control Flow Management

Bulletin: ZSB-25026
CVEID: CVE-2025-49463
CVSS Severity: Medium
CVSS Score: 6.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Description:

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for iOS before version 6.4.5
Zoom Meeting SDK for iOS before version 6.4.5
Zoom Rooms for iOS before version 6.4.5
Zoom Rooms Controller for iOS before version 6.4.5

Source:

Reported by Zoom Offensive Security.

Revision	Date	Description
1.0	07/08/2025	Initial publication.

Zoom Clients for iOS - Insufficient Control Flow Management

Subscribe for updates