CVE-2023-43588
CVE-2023-43588 is a low-severity vulnerability in Zoom Meetings with a CVSS 3.x base score of 3.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-449.
Key facts
- Severity: Low (CVSS 3.x base score 3.5)
- EPSS exploit prediction: 1% (47th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-449
- Affected product: Zoom Meetings
- Published:
- Last modified:
Description
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
Frequently asked questions
- What is CVE-2023-43588?
- Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
- How severe is CVE-2023-43588?
- CVE-2023-43588 has a CVSS 3.x base score of 3.5, rated low severity. It is exploitable over network with low attack complexity, requires low privileges and user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2023-43588 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (47th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-43588?
- CVE-2023-43588 primarily affects Zoom Meetings. In total, 7 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-43588?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2023-43588 published?
- CVE-2023-43588 was published on 2023-11-15 and last updated on 2026-06-17.
References
Affected products (7)
- cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*
- cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*
- cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*
- cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*
- cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
More vulnerabilities in Zoom Meetings
- CVE-2021-34423 — Critical (CVSS 9.8): A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and…
- CVE-2021-33907 — Critical (CVSS 9.8): The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate…
- CVE-2022-28768 — High (CVSS 8.8): The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local…
- CVE-2022-28763 — High (CVSS 8.8): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a…
- CVE-2022-28757 — High (CVSS 8.8): The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6…
- CVE-2022-28751 — High (CVSS 8.8): The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in…
All CVEs affecting Zoom Meetings →
Other CWE-449 vulnerabilities
- CVE-2023-43585 — High (CVSS 7.1): Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an…
- CVE-2023-36535 — High (CVSS 7.1): Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to…
- CVE-2025-26643 — Medium (CVSS 5.4): The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing…
- CVE-2025-56139 — Medium (CVSS 5.3): LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title,…
- CVE-2024-24698 — Medium (CVSS 4.9): Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via…
- CVE-2025-13637 — Medium (CVSS 4.3): Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who…