Zoom Rooms for Windows
by Zoom Video Communications, Inc.
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30906 | Hig | 0.51 | 7.8 | 0.00 | May 13, 2026 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. | ||
| CVE-2026-30902 | Hig | 0.51 | 7.8 | 0.00 | Mar 11, 2026 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||
| CVE-2026-30900 | Hig | 0.51 | 7.8 | 0.00 | Mar 11, 2026 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||
| CVE-2026-30901 | Hig | 0.46 | 7.0 | 0.00 | Mar 11, 2026 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | ||
| CVE-2025-67460 | 0.00 | — | 0.00 | Dec 10, 2025 | Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2023-39202 | 0.00 | — | 0.00 | Nov 14, 2023 | Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | |||
| CVE-2023-39212 | 0.00 | — | 0.00 | Aug 8, 2023 | Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | |||
| CVE-2023-39211 | 0.00 | — | 0.00 | Aug 8, 2023 | Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||
| CVE-2023-34119 | 0.00 | — | 0.00 | Jul 11, 2023 | Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-34118 | 0.00 | — | 0.00 | Jul 11, 2023 | Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-34121 | 0.00 | — | 0.01 | Jun 13, 2023 | Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. | |||
| CVE-2023-34120 | 0.00 | — | 0.00 | Jun 13, 2023 | Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system… | |||
| CVE-2023-22880 | 0.00 | — | 0.01 | Mar 16, 2023 | Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom… | |||
| CVE-2022-36930 | 0.00 | — | 0.00 | Jan 9, 2023 | Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user. | |||
| CVE-2022-22788 | 0.00 | — | 0.01 | Jun 15, 2022 | The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for… |
- risk 0.51cvss 7.8epss 0.00
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
- risk 0.46cvss 7.0epss 0.00
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2025-67460Dec 10, 2025risk 0.00cvss —epss 0.00
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.
- CVE-2023-39202Nov 14, 2023risk 0.00cvss —epss 0.00
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
- CVE-2023-39212Aug 8, 2023risk 0.00cvss —epss 0.00
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.
- CVE-2023-39211Aug 8, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
- CVE-2023-34119Jul 11, 2023risk 0.00cvss —epss 0.00
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-34118Jul 11, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-34121Jun 13, 2023risk 0.00cvss —epss 0.01
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
- CVE-2023-34120Jun 13, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system…
- CVE-2023-22880Mar 16, 2023risk 0.00cvss —epss 0.01
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom…
- CVE-2022-36930Jan 9, 2023risk 0.00cvss —epss 0.00
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
- CVE-2022-22788Jun 15, 2022risk 0.00cvss —epss 0.01
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for…