Zoom Clients for Windows - Command Injection
- ZSB-25038
- CVE-2025-58132
- Medium
- 4.1
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.
- Zoom Workplace for Windows before version 6.5.5
- Zoom Workplace VDI Client for Windows before version 6.3.15 and 6.4.13 in their respective tracks.
- Zoom Rooms for Windows before version 6.5.5
- Zoom Meeting SDK for Windows before version 6.5.5
Reported by shmoul.
| Revision | Date | Description |
|---|---|---|
| 1.0 | 10/14/2025 | Initial publication. |