Every CVE whose affected-product data names Zoom Rooms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (107)
CVE-2024-24691 — CVSS 9.6 (critical): Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an…
CVE-2025-49457 — CVSS 9.6 (critical): Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via…
CVE-2022-36930 — CVSS 8.8 (high): Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user…
CVE-2023-39211 — CVSS 8.8 (high): Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user…
CVE-2022-28752 — CVSS 8.8 (high): Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local…
CVE-2022-36924 — CVSS 8.8 (high): The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could…
CVE-2022-36926 — CVSS 8.8 (high): Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could…
CVE-2025-30663 — CVSS 8.8 (high): Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege…
CVE-2022-36927 — CVSS 8.8 (high): Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could…
CVE-2025-27439 — CVSS 8.5 (high): Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27440 — CVSS 8.5 (high): Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-45421 — CVSS 8.5 (high): Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-39825 — CVSS 8.5 (high): Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via…
CVE-2025-0151 — CVSS 8.5 (high): Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2023-36538 — CVSS 8.4 (high): Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of…
CVE-2023-28597 — CVSS 8.3 (high): Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB…
CVE-2023-34119 — CVSS 8.2 (high): Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an…
CVE-2023-36536 — CVSS 8.2 (high): Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an…
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2023-39212 — CVSS 7.9 (high): Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via…
CVE-2026-30906 — CVSS 7.8 (high): Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an…
CVE-2026-30902 — CVSS 7.8 (high): Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via…
CVE-2022-36929 — CVSS 7.8 (high): The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could…
CVE-2025-67460 — CVSS 7.8 (high): Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an…
CVE-2021-34409 — CVSS 7.8 (high): It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before…
CVE-2023-43590 — CVSS 7.8 (high): Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via…
CVE-2023-43591 — CVSS 7.8 (high): Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of…
CVE-2021-34411 — CVSS 7.8 (high): During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet…
CVE-2023-39214 — CVSS 7.6 (high): Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via…
CVE-2022-22786 — CVSS 7.5 (high): The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails…
CVE-2024-39818 — CVSS 7.5 (high): Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via…
CVE-2023-34118 — CVSS 7.3 (high): Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of…
CVE-2023-36537 — CVSS 7.3 (high): Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of…
CVE-2024-24697 — CVSS 7.2 (high): Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local…
CVE-2024-24693 — CVSS 7.2 (high): Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct…
CVE-2022-22788 — CVSS 7.1 (high): The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom…
CVE-2024-27240 — CVSS 7.1 (high): Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation…
CVE-2024-27238 — CVSS 7.1 (high): Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a…
CVE-2023-36535 — CVSS 7.1 (high): Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information…
CVE-2026-30901 — CVSS 7.0 (high): Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of…
CVE-2023-22880 — CVSS 6.8 (medium): Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients…
CVE-2024-39819 — CVSS 6.7 (medium): Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege…
CVE-2024-39821 — CVSS 6.6 (medium): Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to…
CVE-2025-30664 — CVSS 6.6 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-49458 — CVSS 6.5 (medium): Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-24699 — CVSS 6.5 (medium): Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
CVE-2024-39822 — CVSS 6.5 (medium): Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to…
CVE-2024-42436 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42437 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42438 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-45422 — CVSS 6.5 (medium): Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-0149 — CVSS 6.5 (medium): Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service…
CVE-2025-30665 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30666 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30667 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30668 — CVSS 6.5 (medium): Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30670 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30671 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-46785 — CVSS 6.5 (medium): Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-42440 — CVSS 6.2 (medium): Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client…
CVE-2025-49456 — CVSS 6.2 (medium): Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via…
CVE-2024-42441 — CVSS 6.2 (medium): Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client…
CVE-2023-39218 — CVSS 6.1 (medium): Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure…
CVE-2024-45417 — CVSS 6.0 (medium): Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct…
CVE-2023-36532 — CVSS 5.9 (medium): Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-43582 — CVSS 5.5 (medium): Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVE-2024-24690 — CVSS 5.4 (medium): Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45418 — CVSS 5.4 (medium): Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an…
CVE-2024-24692 — CVSS 5.3 (medium): Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial…
CVE-2025-62483 — CVSS 5.3 (medium): Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a…
CVE-2024-45424 — CVSS 5.3 (medium): Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network…
CVE-2025-58133 — CVSS 5.3 (medium): Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of…
CVE-2023-36539 — CVSS 5.3 (medium): Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
CVE-2024-27241 — CVSS 5.3 (medium): Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-58135 — CVSS 5.3 (medium): Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of…
CVE-2025-67461 — CVSS 5.0 (medium): External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure…
CVE-2024-42434 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-45425 — CVSS 4.9 (medium): Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2024-45426 — CVSS 4.9 (medium): Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network…
CVE-2024-42435 — CVSS 4.9 (medium): Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to…
CVE-2024-39824 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-39823 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2023-39199 — CVSS 4.9 (medium): Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via…
CVE-2024-24698 — CVSS 4.9 (medium): Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
CVE-2025-27441 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-0145 — CVSS 4.6 (medium): Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of…
CVE-2025-27442 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2022-36925 — CVSS 4.4 (medium): Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between…
CVE-2024-27245 — CVSS 4.3 (medium): Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45420 — CVSS 4.3 (medium): Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via…
CVE-2025-58134 — CVSS 4.3 (medium): Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via…
CVE-2023-39204 — CVSS 4.3 (medium): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-64739 — CVSS 4.3 (medium): External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via…
CVE-2025-46786 — CVSS 4.3 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVE-2024-27246 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-27239 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-49460 — CVSS 4.3 (medium): Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-49461 — CVSS 4.3 (medium): Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-34121 — CVSS 4.1 (medium): Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated…
CVE-2025-58132 — CVSS 4.1 (medium): Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network…
CVE-2025-0146 — CVSS 3.9 (low): Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of…
CVE-2023-39206 — CVSS 3.7 (low): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2022-28764 — CVSS 3.3 (low): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information…
CVE-2022-28766 — CVSS 3.3 (low): Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are…
CVE-2023-39202 — CVSS 3.1 (low): Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via…
CVE-2025-0144 — CVSS 3.1 (low): Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
CVE-2025-27443 — CVSS 2.8 (low): Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of…