Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Zoom Workplace Apps

Source -

CNA

CNA CVEs -

15

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
15Vulnerabilities found
CVE-2025-46786
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:42
Updated-14 May, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Improper Neutralization of Special Elements

Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-46785
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.46%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:41
Updated-19 Aug, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Buffer Over-read

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitroomsrooms_controllerZoom Workplace Apps
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-30668
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.45%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:39
Updated-14 May, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - NULL Pointer Dereference

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30667
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.49%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:36
Updated-14 May, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30664
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 5.32%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:33
Updated-17 May, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Improper Neutralization of Special Elements

Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-30663
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:31
Updated-17 May, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Time-of-check Time-of-use

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-27442
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 2.88%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:14
Updated-08 Apr, 2025 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Cross Site Scripting

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27441
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 2.88%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:14
Updated-08 Apr, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Cross Site Scripting

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27440
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.5||HIGH
EPSS-0.07% / 21.61%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 17:11
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Heap-based Buffer Overflow

Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CVE-2025-27439
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.5||HIGH
EPSS-0.07% / 21.61%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 17:10
Updated-11 Mar, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Buffer Underflow

Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CVE-2025-0151
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.64%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 17:08
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Use After Free

Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-416
Use After Free
CVE-2024-45426
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.36%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 19:39
Updated-04 Mar, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Incorrect Ownership Assignment

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllerworkplace_virtual_desktop_infrastructureworkplaceworkplace_desktopmeeting_software_development_kitroomsZoom Workplace Apps
CWE ID-CWE-708
Incorrect Ownership Assignment
CVE-2024-45425
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.36%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 19:38
Updated-26 Feb, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Incorrect User Management

Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CWE ID-CWE-286
Incorrect User Management
CVE-2024-45424
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 19:34
Updated-25 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Business Logic Error

Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-Zoom Workplace Apps
CVE-2025-0144
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.1||LOW
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 19:44
Updated-20 Aug, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Out-of-bounds Write

Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplacerooms_controllerroomsworkplace_virtual_desktop_infrastructureworkplace_desktopvideo_software_development_kitmeeting_software_development_kitZoom Workplace Apps
CWE ID-CWE-787
Out-of-bounds Write