Every CVE whose affected-product data names Zoom Workplace, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2025-30663 — CVSS 8.8 (high): Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege…
CVE-2024-39825 — CVSS 8.5 (high): Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via…
CVE-2024-45421 — CVSS 8.5 (high): Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27440 — CVSS 8.5 (high): Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-0151 — CVSS 8.5 (high): Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27439 — CVSS 8.5 (high): Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-62484 — CVSS 8.1 (high): Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to…
CVE-2025-64741 — CVSS 8.1 (high): Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an…
CVE-2026-53407 — CVSS 8.1 (high): Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may…
CVE-2026-53408 — CVSS 8.1 (high): Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may…
CVE-2024-39818 — CVSS 7.5 (high): Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via…
CVE-2025-0150 — CVSS 7.1 (high): Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of…
CVE-2025-30664 — CVSS 6.6 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2024-42438 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42436 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-27243 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45422 — CVSS 6.5 (medium): Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via…
CVE-2024-42437 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2025-0149 — CVSS 6.5 (medium): Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service…
CVE-2025-30667 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2024-39822 — CVSS 6.5 (medium): Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to…
CVE-2025-30668 — CVSS 6.5 (medium): Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45424 — CVSS 5.3 (medium): Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network…
CVE-2024-27241 — CVSS 5.3 (medium): Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45426 — CVSS 4.9 (medium): Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network…
CVE-2024-39823 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-39824 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-42434 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-42435 — CVSS 4.9 (medium): Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to…
CVE-2024-45425 — CVSS 4.9 (medium): Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2025-27442 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-27441 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-49460 — CVSS 4.3 (medium): Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-49461 — CVSS 4.3 (medium): Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2024-27239 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45420 — CVSS 4.3 (medium): Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via…
CVE-2024-27245 — CVSS 4.3 (medium): Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-46786 — CVSS 4.3 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVE-2024-27246 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-0144 — CVSS 3.1 (low): Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
CVE-2026-30904 — CVSS 1.8 (low): Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of…