Every CVE whose affected-product data names Zoom Rooms Controller, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2025-49457 — CVSS 9.6 (critical): Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via…
CVE-2025-30663 — CVSS 8.8 (high): Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege…
CVE-2024-45421 — CVSS 8.5 (high): Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-0151 — CVSS 8.5 (high): Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27439 — CVSS 8.5 (high): Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27440 — CVSS 8.5 (high): Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-30664 — CVSS 6.6 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-30671 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-46785 — CVSS 6.5 (medium): Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-42436 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42437 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42438 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-45422 — CVSS 6.5 (medium): Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-49458 — CVSS 6.5 (medium): Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-0149 — CVSS 6.5 (medium): Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service…
CVE-2024-39822 — CVSS 6.5 (medium): Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to…
CVE-2025-30665 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30666 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30667 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30668 — CVSS 6.5 (medium): Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30670 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-49456 — CVSS 6.2 (medium): Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via…
CVE-2025-62483 — CVSS 5.3 (medium): Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a…
CVE-2025-58135 — CVSS 5.3 (medium): Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of…
CVE-2024-45424 — CVSS 5.3 (medium): Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network…
CVE-2024-39823 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-42435 — CVSS 4.9 (medium): Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to…
CVE-2024-42434 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-45425 — CVSS 4.9 (medium): Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2024-45426 — CVSS 4.9 (medium): Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network…
CVE-2024-39824 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2025-27441 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-0145 — CVSS 4.6 (medium): Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of…
CVE-2025-27442 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-64739 — CVSS 4.3 (medium): External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via…
CVE-2025-58134 — CVSS 4.3 (medium): Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via…
CVE-2024-45420 — CVSS 4.3 (medium): Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via…
CVE-2025-46786 — CVSS 4.3 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVE-2025-49460 — CVSS 4.3 (medium): Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-49461 — CVSS 4.3 (medium): Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-0146 — CVSS 3.9 (low): Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of…
CVE-2025-0144 — CVSS 3.1 (low): Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
CVE-2025-27443 — CVSS 2.8 (low): Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of…