Zoom Meeting Software Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Zoom Meeting Software Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (84)
CVE-2024-24691 — CVSS 9.6 (critical): Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an…
CVE-2025-49457 — CVSS 9.6 (critical): Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via…
CVE-2025-0147 — CVSS 8.8 (high): Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via…
CVE-2023-49647 — CVSS 8.8 (high): Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10…
CVE-2025-30663 — CVSS 8.8 (high): Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege…
CVE-2024-45421 — CVSS 8.5 (high): Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-0151 — CVSS 8.5 (high): Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27439 — CVSS 8.5 (high): Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27440 — CVSS 8.5 (high): Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-62484 — CVSS 8.1 (high): Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to…
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-64741 — CVSS 8.1 (high): Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an…
CVE-2026-53408 — CVSS 8.1 (high): Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may…
CVE-2026-30900 — CVSS 7.8 (high): Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an…
CVE-2023-39214 — CVSS 7.6 (high): Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via…
CVE-2023-43586 — CVSS 7.3 (high): Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user…
CVE-2024-24697 — CVSS 7.2 (high): Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local…
CVE-2025-0150 — CVSS 7.1 (high): Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of…
CVE-2023-36533 — CVSS 7.1 (high): Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network…
CVE-2023-39215 — CVSS 7.1 (high): Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-27238 — CVSS 7.1 (high): Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a…
CVE-2023-43585 — CVSS 7.1 (high): Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a…
CVE-2024-39826 — CVSS 6.8 (medium): Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information…
CVE-2024-24695 — CVSS 6.8 (medium): Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an…
CVE-2024-24696 — CVSS 6.8 (medium): Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an…
CVE-2024-39819 — CVSS 6.7 (medium): Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege…
CVE-2025-30664 — CVSS 6.6 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-30665 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-49458 — CVSS 6.5 (medium): Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-27243 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-39822 — CVSS 6.5 (medium): Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to…
CVE-2025-46785 — CVSS 6.5 (medium): Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30671 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30670 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30668 — CVSS 6.5 (medium): Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-42436 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42437 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42438 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42439 — CVSS 6.5 (medium): Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a…
CVE-2025-30667 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2024-45422 — CVSS 6.5 (medium): Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-30666 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-0149 — CVSS 6.5 (medium): Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service…
CVE-2023-49646 — CVSS 6.4 (medium): Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via…
CVE-2024-42441 — CVSS 6.2 (medium): Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client…
CVE-2024-42440 — CVSS 6.2 (medium): Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client…
CVE-2025-49456 — CVSS 6.2 (medium): Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via…
CVE-2024-45417 — CVSS 6.0 (medium): Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct…
CVE-2023-39210 — CVSS 5.5 (medium): Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an…
CVE-2024-24690 — CVSS 5.4 (medium): Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45418 — CVSS 5.4 (medium): Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an…
CVE-2025-58135 — CVSS 5.3 (medium): Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of…
CVE-2025-62483 — CVSS 5.3 (medium): Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a…
CVE-2024-45424 — CVSS 5.3 (medium): Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network…
CVE-2023-39217 — CVSS 5.3 (medium): Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2024-27241 — CVSS 5.3 (medium): Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-64738 — CVSS 5.0 (medium): External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a…
CVE-2024-39824 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-24698 — CVSS 4.9 (medium): Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
CVE-2023-43583 — CVSS 4.9 (medium): Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may…
CVE-2024-45426 — CVSS 4.9 (medium): Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network…
CVE-2024-45425 — CVSS 4.9 (medium): Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2024-42435 — CVSS 4.9 (medium): Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to…
CVE-2024-39823 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-42434 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2025-30669 — CVSS 4.8 (medium): Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via…
CVE-2025-27441 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-0145 — CVSS 4.6 (medium): Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of…
CVE-2025-27442 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-46786 — CVSS 4.3 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVE-2025-0143 — CVSS 4.3 (medium): Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service…
CVE-2024-45420 — CVSS 4.3 (medium): Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via…
CVE-2024-27246 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-27245 — CVSS 4.3 (medium): Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-49460 — CVSS 4.3 (medium): Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-49461 — CVSS 4.3 (medium): Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-58134 — CVSS 4.3 (medium): Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via…
CVE-2025-62482 — CVSS 4.3 (medium): Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network…
CVE-2024-27239 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-64739 — CVSS 4.3 (medium): External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via…
CVE-2025-58132 — CVSS 4.1 (medium): Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network…
CVE-2025-0146 — CVSS 3.9 (low): Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of…
CVE-2025-0144 — CVSS 3.1 (low): Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
CVE-2025-27443 — CVSS 2.8 (low): Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of…