CVEFinder.io

CVE-2025-64738

🔶 medium
🔍 Scan for this CVE
Summary

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.

CVSS Score
5.0
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-11-13
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.3% of all 329,456 vulnerabilities in our database.

#265,985
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Nov 13, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-01-13
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-73

📦 Affected Products 2

Vendor Product Status Affected Versions
zoom meeting_software_development_kit Affected
< 6.5.10
zoom workplace_desktop Affected
< 6.5.10

🔗 References 1

https://www.zoom.com/en/trust/security-bulletin/zsb-...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-53408 ⚠️ high 8.1 0.2 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.... 2026-06-12
CVE-2026-30900 ⚠️ high 7.8 0.0 Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated... 2026-03-11
CVE-2026-30902 ⚠️ high 7.8 0.0 Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalati... 2026-03-11
CVE-2026-30903 ⛔ critical 9.6 0.1 External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauth... 2026-03-11
CVE-2025-30669 🔶 medium 4.8 0.0 Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of inf... 2025-11-13
CVE-2025-62482 🔶 medium 4.3 0.1 Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact int... 2025-11-13
These CVEs affect the same products