Zoom Desktop Client For Windows
by Zoom Video Communications, Inc.
CVEs (38)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58132 | 0.00 | — | 0.02 | Oct 15, 2025 | Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||
| CVE-2025-58135 | 0.00 | — | 0.00 | Sep 9, 2025 | Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. | |||
| CVE-2025-58134 | 0.00 | — | 0.00 | Sep 9, 2025 | Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. | |||
| CVE-2025-49457 | 0.00 | — | 0.01 | Aug 12, 2025 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access | |||
| CVE-2025-49456 | 0.00 | — | 0.00 | Aug 12, 2025 | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. | |||
| CVE-2025-49464 | 0.00 | — | 0.01 | Jul 10, 2025 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access. | |||
| CVE-2025-49463 | 0.00 | — | 0.00 | Jul 10, 2025 | Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access. | |||
| CVE-2025-46789 | 0.00 | — | 0.00 | Jul 10, 2025 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access. | |||
| CVE-2024-27242 | 0.00 | — | 0.00 | Apr 9, 2024 | Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. | |||
| CVE-2024-27247 | 0.00 | — | 0.00 | Apr 9, 2024 | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | |||
| CVE-2024-24694 | 0.00 | — | 0.00 | Apr 9, 2024 | Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2024-24693 | 0.00 | — | 0.00 | Mar 13, 2024 | Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. | |||
| CVE-2024-24692 | 0.00 | — | 0.00 | Mar 13, 2024 | Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. | |||
| CVE-2024-24691 | 0.00 | — | 0.02 | Feb 14, 2024 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | |||
| CVE-2024-24696 | 0.00 | — | 0.01 | Feb 13, 2024 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||
| CVE-2024-24695 | 0.00 | — | 0.01 | Feb 13, 2024 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||
| CVE-2023-49647 | 0.00 | — | 0.00 | Jan 12, 2024 | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2023-43586 | 0.00 | — | 0.01 | Dec 13, 2023 | Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. | |||
| CVE-2023-39203 | 0.00 | — | 0.01 | Nov 14, 2023 | Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. | |||
| CVE-2023-39202 | 0.00 | — | 0.00 | Nov 14, 2023 | Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. |
- CVE-2025-58132Oct 15, 2025risk 0.00cvss —epss 0.02
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2025-58135Sep 9, 2025risk 0.00cvss —epss 0.00
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2025-58134Sep 9, 2025risk 0.00cvss —epss 0.00
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
- CVE-2025-49457Aug 12, 2025risk 0.00cvss —epss 0.01
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
- CVE-2025-49456Aug 12, 2025risk 0.00cvss —epss 0.00
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.
- CVE-2025-49464Jul 10, 2025risk 0.00cvss —epss 0.01
Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.
- CVE-2025-49463Jul 10, 2025risk 0.00cvss —epss 0.00
Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2025-46789Jul 10, 2025risk 0.00cvss —epss 0.00
Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.
- CVE-2024-27242Apr 9, 2024risk 0.00cvss —epss 0.00
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.
- CVE-2024-27247Apr 9, 2024risk 0.00cvss —epss 0.00
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.
- CVE-2024-24694Apr 9, 2024risk 0.00cvss —epss 0.00
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2024-24693Mar 13, 2024risk 0.00cvss —epss 0.00
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
- CVE-2024-24692Mar 13, 2024risk 0.00cvss —epss 0.00
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
- CVE-2024-24691Feb 14, 2024risk 0.00cvss —epss 0.02
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
- CVE-2024-24696Feb 13, 2024risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2024-24695Feb 13, 2024risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2023-49647Jan 12, 2024risk 0.00cvss —epss 0.00
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2023-43586Dec 13, 2023risk 0.00cvss —epss 0.01
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
- CVE-2023-39203Nov 14, 2023risk 0.00cvss —epss 0.01
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2023-39202Nov 14, 2023risk 0.00cvss —epss 0.00
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
Page 1 of 2