CVE-2025-27441
Description
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zoom Workplace Apps are vulnerable to cross-site scripting via adjacent network access, allowing unauthenticated attackers to compromise integrity.
Vulnerability
Cross-site scripting (XSS) exists in multiple Zoom Workplace Apps for Windows, macOS, and Linux. The vulnerability arises from improper neutralization of user input, enabling an attacker to inject malicious scripts into the application interface [1].
Exploitation
An unauthenticated attacker can exploit this flaw from an adjacent network position. The attack requires user interaction, such as clicking a crafted link or viewing a malicious message. No authentication is needed, and the attack complexity is low [1].
Impact
Successful exploitation leads to low confidentiality and integrity impact. The attacker can perform actions on behalf of the user, such as modifying content or stealing sensitive information within the Zoom context [1].
Mitigation
Zoom has released updates to fix these issues. Users should upgrade to the following versions or later: Zoom Workplace Desktop App for Windows 6.3.10, macOS 6.3.10, and Linux 6.31.0 [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zoom Communications, Inc / Zoom Workplace Apps, v5. Range: See references.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] www.zoom.com/en/trust/security-bulletin/zsb-25013 (nvd, Vendor Advisory)
News mentions
No linked articles in our index yet.