Zoom Client
by Zoom Video Communications, Inc.
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6109 | | Cri | 0.64 | 9.8 | 0.05 | | Jun 8, 2020 | An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An… |
| CVE-2020-6110 | | Hig | 0.58 | 8.8 | 0.04 | | Jun 8, 2020 | An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution.… |
| CVE-2019-13567 | | Hig | 0.58 | 8.8 | 0.04 | | Jul 12, 2019 | The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute… |
| CVE-2019-13450 | | Med | 0.43 | 6.5 | 0.04 | | Jul 9, 2019 | In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a… |
| CVE-2019-13449 | | Med | 0.42 | 6.5 | 0.02 | | Jul 9, 2019 | In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. |
| CVE-2025-62483 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-30669 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access. |
| CVE-2025-64739 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-58133 | | | 0.00 | — | 0.00 | | Oct 15, 2025 | Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-58132 | | | 0.00 | — | 0.02 | | Oct 15, 2025 | Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2025-49462 | | | 0.00 | — | 0.00 | | Jul 10, 2025 | Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-42441 | | | 0.00 | — | 0.00 | | Aug 14, 2024 | Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. |
| CVE-2024-42440 | | | 0.00 | — | 0.00 | | Aug 14, 2024 | Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. |
| CVE-2024-27247 | | | 0.00 | — | 0.00 | | Apr 9, 2024 | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. |
| CVE-2024-24693 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. |