Zoom Clients - External Control of File Name or Path

Bulletin: ZSB-25041
CVEID: CVE-2025-64739
CVSS Severity: Medium
CVSS Score: 4.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description:

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Windows before version 6.5.10
Zoom Workplace for macOS before version 6.5.10
Zoom Workplace for Linux before version 6.5.10
Zoom Workplace VDI Client for Windows before versions 6.3.14, 6.4.12 and 6.5.10 in their respective tracks
Zoom Rooms for Windows before version 6.5.10
Zoom Rooms for macOS before version 6.5.10
Zoom Rooms Controller for Windows before version 6.5.10
Zoom Rooms Controller for macOS before version 6.5.10
Zoom Rooms Controller for Linux before version 6.5.10
Zoom Meeting SDK for Windows before version 6.5.10
Zoom Meeting SDK for macOS before version 6.5.10
Zoom Meeting SDK for Linux before version 6.5.10

Source:

Reported by Zoom Engineering Security.

Revision	Date	Description
1.0	11/11/2025	Initial publication.

Zoom Clients - External Control of File Name or Path

Subscribe for updates