Zoom Workplace Clients for Windows - Incorrect Authorization

Bulletin: ZSB-25035
CVEID: CVE-2025-58134
CVSS Severity: Medium
CVSS Score: 4.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Description:

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop for Windows before version 6.5.0
Zoom Workplace VDI Client for Windows before version 6.3.14 and 6.4.12 in their respective tracks.
Zoom Rooms Controller for Windows before version 6.5.0
Zoom Rooms Client for Windows before version 6.5.0
Zoom Meeting SDK for Windows before version 6.5.0

Source:

Reported by Zoom Engineering Security.

Revision	Date	Description
1.0	09/09/2025	Initial publication.

Zoom Workplace Clients for Windows - Incorrect Authorization

Subscribe for updates