Rooms

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Published: 2026-03-11T14:50:51.685Z
Updated: 2026-03-12T03:55:32.802Z

Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.

Published: 2026-03-11T14:47:42.729Z
Updated: 2026-03-12T03:55:32.138Z

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.

Published: 2025-12-10T20:37:03.144Z
Updated: 2026-02-26T16:21:05.280Z

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

Published: 2025-11-13T14:28:58.527Z
Updated: 2025-11-14T16:51:41.747Z

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.

Published: 2025-11-13T15:03:07.612Z
Updated: 2025-11-13T15:15:51.024Z

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.

Published: 2025-09-09T21:45:52.362Z
Updated: 2025-09-10T19:33:42.439Z

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.

Published: 2025-09-09T21:44:01.928Z
Updated: 2025-09-10T20:24:12.585Z

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.

Published: 2025-10-15T16:13:28.273Z
Updated: 2025-11-13T14:01:37.953Z

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Published: 2025-10-15T16:10:20.442Z
Updated: 2026-02-26T16:57:29.169Z

Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.

Published: 2025-09-09T21:42:05.838Z
Updated: 2025-09-10T20:24:36.497Z

Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.

Published: 2025-09-09T21:38:40.910Z
Updated: 2025-09-10T20:25:08.077Z

Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-09-09T21:25:52.133Z
Updated: 2025-09-10T19:34:03.844Z

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

Published: 2025-08-12T22:54:20.362Z
Updated: 2026-02-26T17:48:42.934Z

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.

Published: 2025-08-12T22:52:22.718Z
Updated: 2025-08-13T13:24:11.169Z

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.

Published: 2025-05-14T17:42:30.374Z
Updated: 2025-10-02T20:59:29.011Z

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-05-14T17:41:06.374Z
Updated: 2025-05-14T19:00:08.453Z

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-04-08T16:21:01.713Z
Updated: 2025-04-08T20:14:04.268Z

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-04-08T16:20:54.607Z
Updated: 2025-04-08T20:20:47.470Z

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-05-14T17:39:55.588Z
Updated: 2025-10-02T20:44:44.793Z

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-05-14T17:36:19.136Z
Updated: 2025-05-14T19:00:20.154Z

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-05-14T17:35:15.485Z
Updated: 2025-05-14T19:00:27.119Z

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-05-14T17:35:06.968Z
Updated: 2025-05-14T19:00:31.446Z

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

Published: 2025-05-14T17:33:18.777Z
Updated: 2026-02-26T18:28:08.837Z

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

Published: 2025-05-14T17:31:03.695Z
Updated: 2026-02-26T18:28:09.221Z

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

Published: 2025-04-08T16:16:38.148Z
Updated: 2025-04-08T20:32:12.324Z

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

Published: 2025-04-08T16:14:53.396Z
Updated: 2026-05-15T18:15:47.314Z

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

Published: 2025-04-08T16:14:40.782Z
Updated: 2026-05-15T18:15:16.837Z

Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Published: 2025-03-11T17:11:16.928Z
Updated: 2025-03-11T17:40:56.534Z

Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Published: 2025-03-11T17:10:28.524Z
Updated: 2025-03-11T18:58:55.987Z

Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Published: 2025-03-11T17:08:50.327Z
Updated: 2025-03-11T17:44:08.820Z

Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.

Published: 2025-03-11T17:04:02.453Z
Updated: 2025-03-11T19:18:34.860Z

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Published: 2025-01-30T19:45:39.432Z
Updated: 2025-01-30T21:23:22.776Z

Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.

Published: 2025-01-30T19:44:06.908Z
Updated: 2025-01-30T21:29:47.382Z

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Published: 2025-02-25T19:39:48.596Z
Updated: 2025-02-26T16:49:25.061Z

Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Published: 2025-02-25T19:38:02.925Z
Updated: 2025-02-26T16:57:20.637Z

Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Published: 2025-02-25T19:34:24.811Z
Updated: 2025-02-25T19:39:53.249Z

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.

Published: 2024-11-19T19:45:25.914Z
Updated: 2024-11-20T15:42:40.830Z

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Published: 2025-02-25T19:55:02.666Z
Updated: 2025-02-25T20:09:12.193Z

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Published: 2024-11-19T19:32:02.656Z
Updated: 2024-11-20T15:16:27.856Z

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Published: 2024-11-19T19:28:48.335Z
Updated: 2024-11-19T21:46:16.379Z

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Published: 2024-08-14T16:41:18.732Z
Updated: 2024-08-16T20:05:07.811Z

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Published: 2024-08-14T16:41:12.866Z
Updated: 2024-08-14T17:44:29.139Z

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Published: 2024-08-14T16:41:03.844Z
Updated: 2024-08-14T18:25:52.686Z

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Published: 2024-08-14T16:39:46.183Z
Updated: 2024-08-15T13:58:02.205Z

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Published: 2024-08-14T16:39:38.167Z
Updated: 2025-10-07T13:15:09.341Z

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

Published: 2024-08-14T16:34:53.595Z
Updated: 2024-08-16T13:28:41.388Z

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Published: 2024-08-14T16:39:26.880Z
Updated: 2025-10-02T20:51:37.705Z

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Published: 2024-08-14T16:39:13.132Z
Updated: 2025-10-02T20:49:49.959Z

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.

Published: 2024-08-14T16:38:03.416Z
Updated: 2024-08-16T19:18:44.815Z

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

Published: 2024-07-15T17:31:02.540Z
Updated: 2024-08-02T04:26:16.002Z

Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Published: 2024-07-15T17:27:41.216Z
Updated: 2025-10-02T20:47:51.225Z

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.

Published: 2024-08-14T16:36:37.347Z
Updated: 2024-08-16T13:26:38.801Z

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-02-25T20:32:33.638Z
Updated: 2025-02-25T21:08:59.293Z

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-02-25T20:31:28.555Z
Updated: 2025-02-25T21:08:19.978Z

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Published: 2024-07-15T17:17:01.679Z
Updated: 2024-08-02T00:27:59.870Z

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Published: 2024-07-15T17:07:42.976Z
Updated: 2024-08-02T00:27:59.850Z

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Published: 2025-02-25T20:33:42.787Z
Updated: 2025-10-01T22:45:02.250Z

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

Published: 2024-07-15T17:20:39.157Z
Updated: 2024-08-02T00:27:59.915Z

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

Published: 2024-02-13T23:56:14.515Z
Updated: 2024-09-27T19:28:28.333Z

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

Published: 2024-03-13T19:30:22.311Z
Updated: 2024-09-20T14:45:54.008Z

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

Published: 2024-03-13T19:27:30.446Z
Updated: 2024-08-01T23:28:11.184Z

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Published: 2024-02-14T00:01:30.884Z
Updated: 2025-05-12T15:07:21.269Z

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

Published: 2023-11-14T23:12:32.799Z
Updated: 2024-09-19T13:52:36.217Z

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

Published: 2023-08-08T17:54:59.577Z
Updated: 2024-10-10T16:20:58.392Z

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

Published: 2023-08-08T21:38:25.554Z
Updated: 2024-09-27T19:07:24.020Z

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.

Published: 2023-08-08T21:32:20.220Z
Updated: 2024-10-04T17:31:17.356Z

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

Published: 2023-08-08T21:30:46.350Z
Updated: 2024-10-10T16:20:17.820Z

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Published: 2023-11-14T23:02:41.332Z
Updated: 2024-08-29T15:45:07.488Z

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Published: 2023-11-14T22:28:44.622Z
Updated: 2024-08-29T15:20:45.432Z

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.

Published: 2023-11-14T22:17:33.784Z
Updated: 2024-08-29T15:21:02.476Z

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Published: 2023-11-14T23:06:21.805Z
Updated: 2024-09-19T13:50:58.529Z

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Published: 2023-07-11T17:12:17.255Z
Updated: 2024-10-23T15:41:31.288Z

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

Published: 2023-07-11T17:09:13.924Z
Updated: 2024-10-23T15:41:06.781Z

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Published: 2023-07-11T17:06:59.410Z
Updated: 2024-11-07T19:22:23.853Z

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

Published: 2023-08-08T17:39:51.259Z
Updated: 2024-10-08T15:03:49.453Z

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

Published: 2023-08-08T17:30:58.217Z
Updated: 2024-10-09T16:25:28.757Z

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

Published: 2023-06-13T17:42:17.823Z
Updated: 2025-01-02T20:00:09.588Z

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Published: 2023-07-11T17:05:11.530Z
Updated: 2024-11-07T17:17:10.421Z

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

Published: 2023-07-11T17:01:56.053Z
Updated: 2024-10-22T20:34:26.157Z

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T15:27:48.810Z

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.

Published: 2023-03-16T00:00:00.000Z
Updated: 2025-02-26T20:12:41.573Z

Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.

Published: 2023-01-09T00:00:00.000Z
Updated: 2025-04-08T15:25:59.000Z

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.

Published: 2023-01-09T00:00:00.000Z
Updated: 2025-04-09T14:27:39.256Z

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.

Published: 2022-11-17T22:37:00.188Z
Updated: 2025-04-28T15:39:04.232Z

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Published: 2022-11-17T22:36:56.734Z
Updated: 2025-04-29T19:37:26.893Z

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Published: 2022-11-14T20:17:59.455Z
Updated: 2025-04-29T19:19:29.673Z

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.

Published: 2022-08-17T21:06:50.206Z
Updated: 2024-09-17T03:58:48.967Z

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.

Published: 2022-06-15T20:12:24.369Z
Updated: 2024-09-16T20:17:33.912Z

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.

Published: 2022-05-18T15:42:46.414Z
Updated: 2026-06-02T13:47:48.410Z

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.

Published: 2021-09-27T13:55:50.000Z
Updated: 2024-08-04T00:12:50.229Z