This page lists publicly disclosed CVE vulnerabilities affecting zoom workplace_virtual_desktop_infrastructure (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-30905 | External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.8 | 0.01% | 2026-05-13 | 2026-06-03 |
| CVE-2026-30903 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. | [email protected] | 9.6 | 0.05% | 2026-03-11 | 2026-05-14 |
| CVE-2026-30902 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.8 | 0.01% | 2026-03-11 | 2026-05-14 |
| CVE-2026-30900 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.8 | 0.01% | 2026-03-11 | 2026-05-14 |
| CVE-2025-64740 | Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | [email protected] | 7.5 | 0.01% | 2025-11-13 | 2026-01-13 |
| CVE-2025-64739 | External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 4.3 | 0.06% | 2025-11-13 | 2026-01-13 |
| CVE-2025-62483 | Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 5.3 | 0.05% | 2025-11-13 | 2026-01-13 |
| CVE-2025-30669 | Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access. | [email protected] | 4.8 | 0.09% | 2025-11-13 | 2026-01-13 |
| CVE-2025-30662 | Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access. | [email protected] | 6.6 | 0.01% | 2025-11-13 | 2026-01-09 |
| CVE-2025-58132 | Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. | [email protected] | 4.1 | 0.05% | 2025-10-15 | 2025-10-21 |
| CVE-2025-58135 | Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. | [email protected] | 5.3 | 0.07% | 2025-09-09 | 2025-10-06 |
| CVE-2025-58134 | Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. | [email protected] | 4.3 | 0.03% | 2025-09-09 | 2025-10-06 |
| CVE-2025-49461 | Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. | [email protected] | 4.3 | 0.05% | 2025-09-09 | 2025-10-06 |
| CVE-2025-49460 | Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. | [email protected] | 4.3 | 0.06% | 2025-09-09 | 2025-10-17 |
| CVE-2025-49458 | Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.05% | 2025-09-09 | 2025-10-17 |
| CVE-2025-49457 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access | [email protected] | 9.6 | 0.16% | 2025-08-12 | 2025-09-08 |
| CVE-2025-49456 | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. | [email protected] | 6.2 | 0.02% | 2025-08-12 | 2025-09-08 |
| CVE-2025-46786 | Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. | [email protected] | 4.3 | 0.18% | 2025-05-14 | 2025-11-06 |
| CVE-2025-46785 | Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.31% | 2025-05-14 | 2025-08-19 |
| CVE-2025-30668 | Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. | [email protected] | 6.5 | 0.31% | 2025-05-14 | 2025-11-04 |