Home/Product/zoom workplace virtual desktop infrastructure
Product

zoom workplace virtual desktop infrastructure

56 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-30903
>= 6.4.0 and < 6.4.17
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated
9.6CRITICAL
 CVE-2026-30902
>= 6.4.0 and < 6.4.15
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of priv
7.8HIGH
 CVE-2026-30900
<= 6.6.10
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to c
7.8HIGH
 CVE-2025-64740
< 6.3.14
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authentic
7.5HIGH
 CVE-2025-64739
< 6.3.14
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of informa
4.3MEDIUM
 CVE-2025-62483
< 6.3.14
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to condu
5.3MEDIUM
 CVE-2025-30669
< 6.3.14
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information v
4.8MEDIUM
 CVE-2025-30662
< 6.3.14
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and
6.6MEDIUM
 CVE-2025-58132
< 6.3.15
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via netw
4.1MEDIUM
 CVE-2025-58135
< 6.3.14
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosur
5.3MEDIUM
 CVE-2025-58134
< 6.3.14
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to inte
4.3MEDIUM
 CVE-2025-49461
< 6.3.14
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via networ
4.3MEDIUM
 CVE-2025-49460
< 6.3.14
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of servi
4.3MEDIUM
 CVE-2025-49458
< 6.3.14
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network acces
6.5MEDIUM
 CVE-2025-49457
< 6.1.16
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege
9.6CRITICAL
 CVE-2025-49456
< 6.2.15
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application inte
6.2MEDIUM
 CVE-2025-46786
< 6.1.17
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
4.3MEDIUM
 CVE-2025-46785
< 6.1.17
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via networ
6.5MEDIUM
 CVE-2025-30668
< 6.1.17
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
6.5MEDIUM
 CVE-2025-30667
< 6.1.17
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5MEDIUM
 CVE-2025-30666
< 6.1.17
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5MEDIUM
 CVE-2025-30665
< 6.1.17
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5MEDIUM
 CVE-2025-30664
< 6.3.10
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local a
6.6MEDIUM
 CVE-2025-30663
< 6.1.17
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of p
8.8HIGH
 CVE-2025-30671
< 6.1.16
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5MEDIUM
 CVE-2025-30670
< 6.1.16
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5MEDIUM
 CVE-2025-27442
< 6.1.16
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent net
4.6MEDIUM
 CVE-2025-27441
< 6.1.16
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent net
4.6MEDIUM
 CVE-2025-27440
< 6.1.16
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access
8.5HIGH
 CVE-2025-27439
< 6.1.16
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network acc
8.5HIGH
 CVE-2025-0151
< 6.1.16
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network acces
8.5HIGH
 CVE-2025-0149
< 6.1.15
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of s
6.5MEDIUM
 CVE-2024-27246
< 5.15.17
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network acc
4.3MEDIUM
 CVE-2024-27245
< 5.15.17
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network ac
4.3MEDIUM
 CVE-2024-27239
< 5.15.17
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network acc
4.3MEDIUM
 CVE-2024-45426
< 6.1.10
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via ne
4.9MEDIUM
 CVE-2024-45425
< 6.1.10
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network
4.9MEDIUM
 CVE-2024-45424
< 6.1.10
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via netw
5.3MEDIUM
 CVE-2024-45421
< 6.1.12
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
8.5HIGH
 CVE-2025-0145
< 6.0.15
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalat
4.6MEDIUM
 CVE-2025-0144
< 6.0.15
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
3.1LOW
 CVE-2024-45419
< 6.0.14
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network a
8.1HIGH
 CVE-2024-42438
< 5.17.14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5MEDIUM
 CVE-2024-42437
< 5.17.14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5MEDIUM
 CVE-2024-42436
< 5.17.14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5MEDIUM
 CVE-2024-42435
< 5.17.14
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged us
4.9MEDIUM
 CVE-2024-42434
< 5.17.14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9MEDIUM
 CVE-2024-39825
< 5.17.13
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privileg
8.5HIGH
 CVE-2024-39824
< 5.17.14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9MEDIUM
 CVE-2024-39823
< 5.17.14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9MEDIUM
 CVE-2024-39818
< 5.17.13
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosu
7.5HIGH
 CVE-2024-39826
< 5.17.13
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct informati
6.8MEDIUM
 CVE-2024-27241
< 5.17.13
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network ac
5.3MEDIUM
 CVE-2024-27240
< 5.17.13
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege e
7.1HIGH
 CVE-2024-27244
< 5.15.0
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated
6.7MEDIUM
 CVE-2024-27243
< 5.15.17
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network
6.5MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin