CVE-2025-58134
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2Tags
Description
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
Analysis
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. Affected products include: Zoom Meeting Software Development Kit, Zoom Rooms, Zoom Rooms Controller, Zoom Workplace Desktop, Zoom Workplace Virtual Desktop Infrastructure.
Affected Products
Zoom Meeting Software Development Kit, Zoom Rooms, Zoom Rooms Controller, Zoom Workplace Desktop, Zoom Workplace Virtual Desktop Infrastructure.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today