Zoom Workplace Clients for Windows - Improper Action Enforcement

Bulletin: ZSB-25036
CVEID: CVE-2025-58135
CVSS Severity: Medium
CVSS Score: 5.3
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Description:

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop for Windows before version 6.5.0
Zoom Workplace VDI Client for Windows before version 6.3.14 and 6.4.12 in their respective tracks.
Zoom Rooms Controller for Windows before version 6.5.0
Zoom Rooms Client for Windows before version 6.5.0
Zoom Meeting SDK for Windows before version 6.5.0

Source:

Reported by Zoom Offensive Security.

Revision	Date	Description
1.0	09/09/2025	Initial publication.

Zoom Workplace Clients for Windows - Improper Action Enforcement

Subscribe for updates