cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*
part: a version: * update: *
| Vendor | Zoom (f27b522e-dea8-5818-ba42-864516f1d399) |
|---|---|
| Product | Rooms (894ebd39-3d92-555f-83c4-48fdb7c82fc8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | android |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-58133 | vulnerable | 2026-06-03 15:06:20.751853 | Zoom Rooms Clients - Authentication Bypass<br>MEDIUM (5.3)<br>Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.<br>Published: 2025-10-15T16:13:28.273Z<br>Updated: 2025-11-13T14:01:37.953Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-49461 | vulnerable | 2026-06-03 15:01:44.822508 | Zoom Workplace Clients - Cross-site Scripting<br>MEDIUM (4.3)<br>Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.<br>Published: 2025-09-09T21:42:05.838Z<br>Updated: 2025-09-10T20:24:36.497Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-49460 | vulnerable | 2026-06-03 15:01:44.816591 | Zoom Workplace Clients - Argument Injection<br>MEDIUM (4.3)<br>Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.<br>Published: 2025-09-09T21:38:40.910Z<br>Updated: 2025-09-10T20:25:08.077Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-46786 | vulnerable | 2026-06-03 15:01:28.024142 | Zoom Workplace Apps - Cross-site Scripting<br>MEDIUM (4.3)<br>Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.<br>Published: 2025-05-14T17:42:30.374Z<br>Updated: 2025-10-02T20:59:29.011Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-30668 | vulnerable | 2026-06-03 15:00:29.242162 | Zoom Workplace Apps - NULL Pointer Dereference<br>MEDIUM (6.5)<br>Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.<br>Published: 2025-05-14T17:39:55.588Z<br>Updated: 2025-10-02T20:44:44.793Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-30667 | vulnerable | 2026-06-03 15:00:29.240813 | Zoom Workplace Apps - NULL Pointer Dereference<br>MEDIUM (6.5)<br>NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.<br>Published: 2025-05-14T17:36:19.136Z<br>Updated: 2025-05-14T19:00:20.154Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-30664 | vulnerable | 2026-06-03 15:00:29.235398 | Zoom Workplace Apps - Cross-site Scripting<br>MEDIUM (6.6)<br>Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.<br>Published: 2025-05-14T17:33:18.777Z<br>Updated: 2026-02-26T18:28:08.837Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-30663 | vulnerable | 2026-06-03 15:00:29.226868 | Zoom Workplace Apps - Time-of-check Time-of-use<br>HIGH (8.8)<br>Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.<br>Published: 2025-05-14T17:31:03.695Z<br>Updated: 2026-02-26T18:28:09.221Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-27442 | vulnerable | 2026-06-03 15:00:12.479631 | Zoom Workplace Apps - Cross Site Scripting<br>MEDIUM (4.6)<br>Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.<br>Published: 2025-04-08T16:14:53.396Z<br>Updated: 2026-05-15T18:15:47.314Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-27441 | vulnerable | 2026-06-03 15:00:12.477823 | Zoom Workplace Apps - Cross Site Scripting<br>MEDIUM (4.6)<br>Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.<br>Published: 2025-04-08T16:14:40.782Z<br>Updated: 2026-05-15T18:15:16.837Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-27440 | vulnerable | 2026-06-03 15:00:12.476339 | Zoom Apps - Heap-based Buffer Overflow<br>HIGH (8.5)<br>Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.<br>Published: 2025-03-11T17:11:16.928Z<br>Updated: 2025-03-11T17:40:56.534Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-27439 | vulnerable | 2026-06-03 15:00:12.465289 | Zoom Apps - Buffer Underflow<br>HIGH (8.5)<br>Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.<br>Published: 2025-03-11T17:10:28.524Z<br>Updated: 2025-03-11T18:58:55.987Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-0151 | vulnerable | 2026-06-03 14:58:23.833106 | Zoom Apps - Use After Free<br>HIGH (8.5)<br>Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.<br>Published: 2025-03-11T17:08:50.327Z<br>Updated: 2025-03-11T17:44:08.820Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-0149 | vulnerable | 2026-06-03 14:58:23.828349 | Zoom Apps - Insufficient Verification of Data Authenticity<br>MEDIUM (6.5)<br>Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.<br>Published: 2025-03-11T17:04:02.453Z<br>Updated: 2025-03-11T19:18:34.860Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-43582 | vulnerable | 2026-06-03 14:53:04.313599 | Details available<br>MEDIUM (5.5)<br>Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.<br>Published: 2023-11-14T23:12:32.799Z<br>Updated: 2024-09-19T13:52:36.217Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-39218 | vulnerable | 2026-06-03 14:52:37.944888 | Details available<br>MEDIUM (6.1)<br>Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.<br>Published: 2023-08-08T17:54:59.577Z<br>Updated: 2024-10-10T16:20:58.392Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-39214 | vulnerable | 2026-06-03 14:52:37.938810 | Details available<br>HIGH (7.6)<br>Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.<br>Published: 2023-08-08T21:38:25.554Z<br>Updated: 2024-09-27T19:07:24.020Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-39206 | vulnerable | 2026-06-03 14:52:37.922113 | Details available<br>LOW (3.7)<br>Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.<br>Published: 2023-11-14T23:02:41.332Z<br>Updated: 2024-08-29T15:45:07.488Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-39204 | vulnerable | 2026-06-03 14:52:37.916307 | Details available<br>MEDIUM (4.3)<br>Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.<br>Published: 2023-11-14T22:28:44.622Z<br>Updated: 2024-08-29T15:20:45.432Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-39199 | vulnerable | 2026-06-03 14:52:37.904872 | Details available<br>MEDIUM (4.9)<br>Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.<br>Published: 2023-11-14T23:06:21.805Z<br>Updated: 2024-09-19T13:50:58.529Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-36535 | vulnerable | 2026-06-03 14:52:26.596187 | Details available<br>HIGH (7.1)<br>Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.<br>Published: 2023-08-08T17:39:51.259Z<br>Updated: 2024-10-08T15:03:49.453Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-36532 | vulnerable | 2026-06-03 14:52:26.577316 | Details available<br>MEDIUM (5.9)<br>Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.<br>Published: 2023-08-08T17:30:58.217Z<br>Updated: 2024-10-09T16:25:28.757Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-28597 | vulnerable | 2026-06-03 14:51:13.081717 | Improper trust boundary implementation for SMB in Zoom Clients<br>HIGH (8.3)<br>Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.<br>Published: 2023-03-27T00:00:00.000Z<br>Updated: 2025-02-19T15:27:48.810Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-28764 | vulnerable | 2026-06-03 14:46:55.985667 | Local information exposure in Zoom Clients<br>LOW (3.3)<br>The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.<br>Published: 2022-11-14T20:17:59.455Z<br>Updated: 2025-04-29T19:19:29.673Z | Imported from gcve-enriched-dumps CVE data |