Primary

Context

Zoom Workplace Clients for Windows Improper Action Enforcement Vulnerability Allowing Information Disclosure

Vulnerability

Patched

A vulnerability exists in certain Zoom Workplace Clients for Windows, prior to version 6.5.0, as well as in the Zoom Workplace VDI Client for Windows versions prior to 6.3.14 and 6.4.12 in their respective tracks. This vulnerability involves improper action enforcement, which may enable an unauthenticated user to disclose information through network access.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Users are advised to update to the latest version of Zoom Workplace Desktop for Windows. Instructions for downloading the latest version are available on the Zoom Download page.

Added: Sep 9, 2025, 10:17 PM

Updated: Sep 9, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zoom Workplace Clients for Windows Improper Action Enforcement Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Zoom Workplace Desktop

Zoom Rooms Controller

Zoom Rooms Client

Zoom Meeting SDK

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating