Zoom Video Software Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Zoom Video Software Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2025-0147 — CVSS 8.8 (high): Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via…
CVE-2023-49647 — CVSS 8.8 (high): Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10…
CVE-2024-45421 — CVSS 8.5 (high): Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2023-43586 — CVSS 7.3 (high): Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user…
CVE-2023-36533 — CVSS 7.1 (high): Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network…
CVE-2023-43585 — CVSS 7.1 (high): Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a…
CVE-2024-45422 — CVSS 6.5 (medium): Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via…
CVE-2023-49646 — CVSS 6.4 (medium): Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via…
CVE-2024-45417 — CVSS 6.0 (medium): Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct…
CVE-2024-45418 — CVSS 5.4 (medium): Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an…
CVE-2024-24690 — CVSS 5.4 (medium): Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2023-36539 — CVSS 5.3 (medium): Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
CVE-2023-39217 — CVSS 5.3 (medium): Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-43583 — CVSS 4.9 (medium): Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may…
CVE-2025-0145 — CVSS 4.6 (medium): Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of…
CVE-2023-39204 — CVSS 4.3 (medium): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-39205 — CVSS 4.3 (medium): Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network…
CVE-2025-0143 — CVSS 4.3 (medium): Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service…
CVE-2024-45420 — CVSS 4.3 (medium): Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via…
CVE-2025-0146 — CVSS 3.9 (low): Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of…
CVE-2023-39206 — CVSS 3.7 (low): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-0144 — CVSS 3.1 (low): Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.