Skip to main content

Zoom CVE-2025-49463

| EUVDEUVD-2025-21008 MEDIUM
Insufficient Control Flow Management (CWE-691)
2025-07-10 security@zoom.us
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
6.4.5
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-21008
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
CVE Published
Jul 10, 2025 - 17:15 nvd
MEDIUM 6.5

DescriptionCVE.org

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

AnalysisAI

A security vulnerability in certain Zoom Clients for iOS (CVSS 6.5) that allows an unauthenticated user. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

Vulnerability type not specified by vendor. Affects certain Zoom Clients for iOS.

RemediationAI

Monitor vendor channels for patch availability.

More in Zoom

View all
CVE-2017-15049 HIGH POC
8.8 Dec 19

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when c

CVE-2017-15048 HIGH POC
8.8 Dec 19

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote

CVE-2020-6109 CRITICAL POC
9.8 Jun 08

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including anima

CVE-2018-15715 CRITICAL POC
9.8 Nov 30

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0

CVE-2020-6110 HIGH POC
8.8 Jun 08

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages incl

CVE-2019-13567 HIGH POC
8.8 Jul 12

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-134

CVE-2026-1368 HIGH POC
7.5 Feb 18

Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

CVE-2019-13450 MEDIUM POC
6.5 Jul 09

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a v

CVE-2019-13449 MEDIUM POC
6.5 Jul 09

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a s

CVE-2026-22844 CRITICAL
9.9 Jan 20

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing m

CVE-2024-24691 CRITICAL
9.8 Feb 14

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Wind

CVE-2023-39213 CRITICAL
9.8 Aug 08

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may all

Share

CVE-2025-49463 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy