Severity
Medium
Analysis Summary
CVE-2025-30668 CVSS:6.5
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-46785 CVSS:6.5
Multiple Zoom Workplace Apps for Windows are vulnerable to a denial of service, caused by a buffer over-read flaw.
CVE-2025-46786 CVSS:4.3
Zoom Workplace Apps could allow a remote attacker to bypass security restrictions, caused by improper neutralization of special elements.
CVE-2025-30663 CVSS:8.8
Multiple Zoom Workplace Apps could allow a local authenticated attacker to gain elevated privileges on the system, caused by time-of-check time-of-use race condition.
CVE-2025-30664 CVSS:6.6
Multiple Zoom Workplace Apps could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper neutralization of special elements.
CVE-2025-30665 CVSS:6.5
Multiple Zoom Workplace Apps are vulnerable to a denial of service, caused by NULL pointer dereference.
CVE-2025-30666 CVSS:6.5
Multiple Zoom Workplace Apps are vulnerable to a denial of service, caused by NULL pointer dereference.
CVE-2025-30667 CVSS:6.5
Multiple Zoom Workplace Apps are vulnerable to a denial of service, caused by NULL pointer dereference.
Impact
- Denial of Service
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-30668
- CVE-2025-46785
- CVE-2025-46786
- CVE-2025-30663
- CVE-2025-30664
- CVE-2025-30665
- CVE-2025-30666
- CVE-2025-30667
Affected Vendors
Affected Products
- Zoom Rooms Client for Windows
- Zoom Meeting SDK for Windows
- Zoom Workplace Desktop App for Windows
- Zoom Workplace VDI Client for Windows
- Zoom Workplace Desktop App
- Zoom Rooms Client
- Zoom Rooms Controller
- Zoom Rooms Controller for Windows
Remediation
Refer to Zoom Security Advisory for patch, upgrade or suggested workaround information.