CVEFinder.io

CVE-2025-49461

đŸ”ļ medium
🔍 Scan for this CVE
Summary

Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.

CVSS Score
4.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-09-09
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 329,456 vulnerabilities in our database.

#311,645
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Sep 10, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-10-06
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-79

đŸ“Ļ Affected Products 7

Vendor Product Status Affected Versions
zoom rooms Affected
< 6.5.0
zoom meeting_software_development_kit Affected
< 6.5.0
zoom workplace Affected
< 6.5.0
zoom workplace_desktop Affected
< 6.5.0
zoom workplace_virtual_desktop_infrastructure Affected
< 6.3.14
zoom workplace_virtual_desktop_infrastructure Affected
≥ 6.4.0 < 6.4.12
zoom rooms_controller Affected
< 6.5.0

🔗 References 1

https://www.zoom.com/en/trust/security-bulletin/ZSB-...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-53408 ⚠ī¸ high 8.1 0.2 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.... 2026-06-12
CVE-2026-30906 ⚠ī¸ high 7.8 0.0 Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user t... 2026-05-13
CVE-2026-30904 ℹī¸ low 1.8 0.0 Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a... 2026-05-13
CVE-2026-30905 ⚠ī¸ high 7.8 0.0 External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11... 2026-05-13
CVE-2026-30901 ⚠ī¸ high 7.0 0.0 Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduc... 2026-03-11
CVE-2026-30902 ⚠ī¸ high 7.8 0.0 Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalati... 2026-03-11
These CVEs affect the same products