threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zoom workplace desktop
Product
zoom workplace desktop
73 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-30903
< 6.6.0
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated
9.6
CRITICAL
CVE-2026-30902
< 6.6.0
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of priv
7.8
HIGH
CVE-2026-30900
>= 6.6.0 and < 6.6.11
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to c
7.8
HIGH
CVE-2025-64739
< 6.5.10
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of informa
4.3
MEDIUM
CVE-2025-64738
< 6.5.10
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct
5.0
MEDIUM
CVE-2025-62483
< 6.5.10
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to condu
5.3
MEDIUM
CVE-2025-62482
< 6.5.10
Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via
4.3
MEDIUM
CVE-2025-30669
< 6.5.10
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information v
4.8
MEDIUM
CVE-2025-58132
< 6.5.5
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via netw
4.1
MEDIUM
CVE-2025-58135
< 6.5.0
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosur
5.3
MEDIUM
CVE-2025-58134
< 6.5.0
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to inte
4.3
MEDIUM
CVE-2025-49461
< 6.5.0
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via networ
4.3
MEDIUM
CVE-2025-49460
< 6.5.0
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of servi
4.3
MEDIUM
CVE-2025-49458
< 6.5.0
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network acces
6.5
MEDIUM
CVE-2025-49457
< 6.3.10
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege
9.6
CRITICAL
CVE-2025-49456
< 6.4.10
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application inte
6.2
MEDIUM
CVE-2025-46788
< 6.4.13
Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an inf
7.4
HIGH
CVE-2025-46786
< 6.4.0
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
4.3
MEDIUM
CVE-2025-46785
< 6.4.0
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via networ
6.5
MEDIUM
CVE-2025-30668
< 6.4.0
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
6.5
MEDIUM
CVE-2025-30667
< 6.4.0
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30666
< 6.4.0
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30665
< 6.4.0
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30664
< 6.4.0
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local a
6.6
MEDIUM
CVE-2025-30663
< 6.4.0
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of p
8.8
HIGH
CVE-2025-30671
< 6.3.10
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30670
< 6.3.10
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-27443
< 6.3.10
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss
2.8
LOW
CVE-2025-27442
< 6.3.10
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent net
4.6
MEDIUM
CVE-2025-27441
< 6.3.10
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent net
4.6
MEDIUM
CVE-2025-27440
< 6.3.0
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access
8.5
HIGH
CVE-2025-27439
< 6.3.0
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network acc
8.5
HIGH
CVE-2025-0151
< 6.3.0
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network acces
8.5
HIGH
CVE-2025-0149
< 6.3.0
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of s
6.5
MEDIUM
CVE-2024-27246
< 5.17.11
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network acc
4.3
MEDIUM
CVE-2024-27245
< 5.17.11
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network ac
4.3
MEDIUM
CVE-2024-27239
< 5.17.11
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network acc
4.3
MEDIUM
CVE-2024-45426
< 6.1.0
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via ne
4.9
MEDIUM
CVE-2024-45425
< 6.1.0
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network
4.9
MEDIUM
CVE-2024-45424
< 6.1.0
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via netw
5.3
MEDIUM
CVE-2024-45421
< 6.2.0
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
8.5
HIGH
CVE-2024-45418
< 6.1.5
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an
5.4
MEDIUM
CVE-2024-45417
< 6.1.5
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user t
6.0
MEDIUM
CVE-2025-0147
< 6.2.10
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privileg
8.8
HIGH
CVE-2025-0146
< 6.2.10
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a den
3.9
LOW
CVE-2025-0145
< 6.2.5
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalat
4.6
MEDIUM
CVE-2025-0144
< 6.2.5
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
3.1
LOW
CVE-2025-0143
< 6.2.5
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of
4.3
MEDIUM
CVE-2024-45422
< 6.2.0
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service
6.5
MEDIUM
CVE-2024-45420
< 6.2.0
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of se
4.3
MEDIUM
CVE-2024-45419
< 6.2.0
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network a
8.1
HIGH
CVE-2024-42441
< 6.1.5
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Room
6.2
MEDIUM
CVE-2024-42440
< 6.1.5
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms
6.2
MEDIUM
CVE-2024-42439
< 6.1.0
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may al
6.5
MEDIUM
CVE-2024-42438
< 6.1.0
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5
MEDIUM
CVE-2024-42437
< 6.1.0
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5
MEDIUM
CVE-2024-42436
< 6.1.0
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5
MEDIUM
CVE-2024-42435
< 6.1.0
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged us
4.9
MEDIUM
CVE-2024-42434
< 6.1.0
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9
MEDIUM
CVE-2024-39825
< 6.0.0
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privileg
8.5
HIGH
CVE-2024-39824
< 6.1.0
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9
MEDIUM
CVE-2024-39823
< 6.1.0
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9
MEDIUM
CVE-2024-39822
< 6.0.12
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated
6.5
MEDIUM
CVE-2024-39818
< 6.0.0
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosu
7.5
HIGH
CVE-2024-39827
< 6.0.10
Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authentic
5.5
MEDIUM
CVE-2024-39826
< 6.0.0
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct informati
6.8
MEDIUM
CVE-2024-39821
< 6.0.10
Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user
6.6
MEDIUM
CVE-2024-39820
< 6.0.10
Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an auth
6.6
MEDIUM
CVE-2024-39819
< 6.0.10
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a p
6.7
MEDIUM
CVE-2024-27241
< 6.0.0
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network ac
5.3
MEDIUM
CVE-2024-27240
< 6.0.0
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege e
7.1
HIGH
CVE-2024-27238
< 6.0.0
Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to co
7.1
HIGH
CVE-2024-27243
< 5.17.5
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network
6.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin