This page lists publicly disclosed CVE vulnerabilities affecting zoom rooms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-30906 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. | [email protected] | 7.8 | 0.01% | 2026-05-13 | 2026-06-03 |
| CVE-2026-30902 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.8 | 0.01% | 2026-03-11 | 2026-05-14 |
| CVE-2026-30901 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.0 | 0.02% | 2026-03-11 | 2026-05-14 |
| CVE-2025-67461 | External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access. | [email protected] | 5.0 | 0.01% | 2025-12-10 | 2025-12-30 |
| CVE-2025-67460 | Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.8 | 0.05% | 2025-12-10 | 2025-12-30 |
| CVE-2025-64739 | External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 4.3 | 0.06% | 2025-11-13 | 2026-01-13 |
| CVE-2025-62483 | Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 5.3 | 0.05% | 2025-11-13 | 2026-01-13 |
| CVE-2025-58133 | Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 5.3 | 0.12% | 2025-10-15 | 2025-10-21 |
| CVE-2025-58132 | Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. | [email protected] | 4.1 | 0.05% | 2025-10-15 | 2025-10-21 |
| CVE-2025-58135 | Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 5.3 | 0.07% | 2025-09-09 | 2025-10-06 |
| CVE-2025-58134 | Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. | [email protected] | 4.3 | 0.03% | 2025-09-09 | 2025-10-06 |
| CVE-2025-49461 | Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. | [email protected] | 4.3 | 0.05% | 2025-09-09 | 2025-10-06 |
| CVE-2025-49460 | Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. | [email protected] | 4.3 | 0.06% | 2025-09-09 | 2025-10-17 |
| CVE-2025-49458 | Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.05% | 2025-09-09 | 2025-10-17 |
| CVE-2025-49457 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access | [email protected] | 9.6 | 0.40% | 2025-08-12 | 2025-09-08 |
| CVE-2025-49456 | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. | [email protected] | 6.2 | 0.07% | 2025-08-12 | 2025-09-08 |
| CVE-2025-46786 | Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. | [email protected] | 4.3 | 0.18% | 2025-05-14 | 2025-11-06 |
| CVE-2025-46785 | Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.31% | 2025-05-14 | 2025-08-19 |
| CVE-2025-30668 | Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.31% | 2025-05-14 | 2025-11-04 |
| CVE-2025-30667 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.31% | 2025-05-14 | 2025-11-04 |