Zoom Workplace Virtual Desktop Infrastructure — known CVE vulnerabilities
Every CVE whose affected-product data names Zoom Workplace Virtual Desktop Infrastructure, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (57)
CVE-2026-30903 — CVSS 9.6 (critical): External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to…
CVE-2025-49457 — CVSS 9.6 (critical): Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via…
CVE-2025-30663 — CVSS 8.8 (high): Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege…
CVE-2025-27439 — CVSS 8.5 (high): Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-39825 — CVSS 8.5 (high): Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via…
CVE-2025-27440 — CVSS 8.5 (high): Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-45421 — CVSS 8.5 (high): Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-0151 — CVSS 8.5 (high): Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2026-30900 — CVSS 7.8 (high): Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an…
CVE-2026-30902 — CVSS 7.8 (high): Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via…
CVE-2026-30905 — CVSS 7.8 (high): External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an…
CVE-2025-64740 — CVSS 7.5 (high): Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user…
CVE-2024-39818 — CVSS 7.5 (high): Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via…
CVE-2024-27240 — CVSS 7.1 (high): Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation…
CVE-2024-39826 — CVSS 6.8 (medium): Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information…
CVE-2024-27244 — CVSS 6.7 (medium): Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to…
CVE-2025-30664 — CVSS 6.6 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-30662 — CVSS 6.6 (medium): Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in…
CVE-2025-46785 — CVSS 6.5 (medium): Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30671 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30670 — CVSS 6.5 (medium): Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30668 — CVSS 6.5 (medium): Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30667 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-0149 — CVSS 6.5 (medium): Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service…
CVE-2024-42437 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2024-42436 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2025-49458 — CVSS 6.5 (medium): Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30666 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2025-30665 — CVSS 6.5 (medium): NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network…
CVE-2024-27243 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-42438 — CVSS 6.5 (medium): Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial…
CVE-2025-49456 — CVSS 6.2 (medium): Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via…
CVE-2024-45424 — CVSS 5.3 (medium): Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network…
CVE-2025-62483 — CVSS 5.3 (medium): Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a…
CVE-2025-58135 — CVSS 5.3 (medium): Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of…
CVE-2024-27241 — CVSS 5.3 (medium): Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-42435 — CVSS 4.9 (medium): Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to…
CVE-2024-45426 — CVSS 4.9 (medium): Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network…
CVE-2024-45425 — CVSS 4.9 (medium): Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2024-42434 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-39823 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2024-39824 — CVSS 4.9 (medium): Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an…
CVE-2025-30669 — CVSS 4.8 (medium): Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via…
CVE-2025-27442 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-27441 — CVSS 4.6 (medium): Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network…
CVE-2025-0145 — CVSS 4.6 (medium): Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of…
CVE-2024-27245 — CVSS 4.3 (medium): Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-58134 — CVSS 4.3 (medium): Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via…
CVE-2025-49461 — CVSS 4.3 (medium): Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-49460 — CVSS 4.3 (medium): Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via…
CVE-2025-64739 — CVSS 4.3 (medium): External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via…
CVE-2024-27239 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-46786 — CVSS 4.3 (medium): Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVE-2024-27246 — CVSS 4.3 (medium): Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-58132 — CVSS 4.1 (medium): Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network…
CVE-2025-0144 — CVSS 3.1 (low): Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.