Zoom Clients - Cross-site Scripting

  • ZSB-25025
  • CVE-2025-49462
  • Low
  • 3.5
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Cross-site scripting in certain Zoom Clients  before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

 

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.  

  • Zoom Workplace for Windows before version 6.4.5
  • Zoom Workplace for macOS before version 6.4.5
  • Zoom Workplace for Linux before version 6.4.5
  • Zoom Workplace for Android before version 6.4.5
  • Zoom Workplace for iOS before version 6.4.5
  • Zoom Rooms for Windows before version 6.4.5
  • Zoom Rooms for Android before version 6.4.5
  • Zoom Rooms for macOS before version 6.4.5
  • Zoom Rooms for iOS before version 6.4.5
  • Zoom Rooms Controller for Windows before version 6.4.5
  • Zoom Rooms Controller for macOS before version 6.4.5
  • Zoom Rooms Controller for Android before version 6.4.5
  • Zoom Rooms Controller for iOS before version 6.4.5
  • Zoom Rooms Controller for Linux before version 6.4.5
  • Zoom Meeting SDK for Windows before version 6.4.5
  • Zoom Meeting SDK for iOS before version 6.4.5
  • Zoom Meeting SDK for Android before version 6.4.5
  • Zoom Meeting SDK for macOS before version 6.4.5
  • Zoom Meeting SDK for Linux before version 6.4.5

Reported by Zoom Engineering Security.

Revision Date Description
1.0 07/08/2025

Initial publication.