CVE-2025-62482

🔶 medium

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.

CVSS Score

4.3

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2025-11-13

First Seen: 2026-01-05

This CVE is Lower Risk - more severe than 5.4% of all 329,456 vulnerabilities in our database.

#311,645

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-01-13

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
zoom	meeting_software_development_kit	Affected	< 6.5.10
zoom	workplace_desktop	Affected	< 6.5.10

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-53408	⚠️ high	8.1	0.2	Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7....	2026-06-12
CVE-2026-30900	⚠️ high	7.8	0.0	Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated...	2026-03-11
CVE-2026-30902	⚠️ high	7.8	0.0	Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalati...	2026-03-11
CVE-2026-30903	⛔ critical	9.6	0.1	External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauth...	2026-03-11
CVE-2025-30669	🔶 medium	4.8	0.0	Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of inf...	2025-11-13
CVE-2025-62483	🔶 medium	5.3	0.1	Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated use...	2025-11-13

These CVEs affect the same products