CVE-2025-30669

EUVD-2025-175320
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
ZoomCNA
4.8 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
zoommeeting_software_development_kit
𝑥
< 6.5.10
zoommeeting_software_development_kit
𝑥
< 6.5.10
zoomworkplace_desktop
𝑥
< 6.5.10
zoomworkplace_desktop
𝑥
< 6.5.10
zoomworkplace_virtual_desktop_infrastructure
𝑥
< 6.3.14
zoomworkplace_virtual_desktop_infrastructure
6.4.10 ≤
𝑥
< 6.4.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.zoom.com/en/trust/security-bulletin/zsb-25044