VYPR
Unrated severity · NVD Advisory · Published Nov 14, 2022 · Updated Apr 29, 2025

Local information exposure in Zoom Clients

CVE-2022-28764

Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Zoom Client for Meetings versions before 5.12.6 expose local meeting information because the local SQL database is encrypted with an insufficiently secure per-device key and its data is not cleared after a meeting ends.

Vulnerability

The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows prior to version 5.12.6 does not properly clear data from a local SQL database after a meeting ends. Additionally, the database is encrypted using an insufficiently secure per-device key. This allows a local malicious user to access meeting information from the previous meeting attended by the local user. [1]

Exploitation

An attacker must have local access to the affected device and be able to read the local SQL database files. No special privileges are required beyond local user access. The attacker can recover the database and decrypt it using the per-device key, obtaining meeting information such as in-meeting chat from the previous meeting. The vulnerability exists because the data is not cleared after the meeting ends. [1]

Impact

A local attacker can obtain sensitive meeting information, including in-meeting chat messages, from the previous meeting attended by the user. This leads to information disclosure of potentially confidential communications. The attacker does not gain any other privileges or remote access. [1]

Mitigation

Update to Zoom Client for Meetings version 5.12.6 or later. Zoom recommends users update to the latest version to receive fixes and security improvements. [1] If unable to update, users should ensure that no unauthorized local users have access to the device.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

1
