Zoom Clients - Cross-site Scripting

Bulletin: ZSB-25025
CVEID: CVE-2025-49462
CVSS Severity: Low
CVSS Score: 3.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Description:

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Windows before version 6.4.5
Zoom Workplace for macOS before version 6.4.5
Zoom Workplace for Linux before version 6.4.5
Zoom Workplace for Android before version 6.4.5
Zoom Workplace for iOS before version 6.4.5
Zoom Rooms for Windows before version 6.4.5
Zoom Rooms for Android before version 6.4.5
Zoom Rooms for macOS before version 6.4.5
Zoom Rooms for iOS before version 6.4.5
Zoom Rooms Controller for Windows before version 6.4.5
Zoom Rooms Controller for macOS before version 6.4.5
Zoom Rooms Controller for Android before version 6.4.5
Zoom Rooms Controller for iOS before version 6.4.5
Zoom Rooms Controller for Linux before version 6.4.5
Zoom Meeting SDK for Windows before version 6.4.5
Zoom Meeting SDK for iOS before version 6.4.5
Zoom Meeting SDK for Android before version 6.4.5
Zoom Meeting SDK for macOS before version 6.4.5
Zoom Meeting SDK for Linux before version 6.4.5

Source:

Reported by Zoom Engineering Security.

Revision	Date	Description
1.0	07.08.2025	Initial publication.

Zoom Clients - Cross-site Scripting

Subscribe for updates