CVE-2025-27443

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27443

2.8 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

I

nsecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

References
Link Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25014 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
History

01 Aug 2025, 19:02

Type Values Removed Values Added
CPE cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
References () https://www.zoom.com/en/trust/security-bulletin/zsb-25014 - () https://www.zoom.com/en/trust/security-bulletin/zsb-25014 - Vendor Advisory
References () https://www.zoom.com/en/trust/security-bulletin/zsb-25014 - () https://www.zoom.com/en/trust/security-bulletin/zsb-25014 - Vendor Advisory
CPE cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
First Time Zoom
Zoom meeting Software Development Kit
Zoom rooms
Zoom workplace Desktop
Zoom rooms Controller
First Time Zoom
Zoom meeting Software Development Kit
Zoom rooms
Zoom workplace Desktop
Zoom rooms Controller
Summary
  • (es) La inicialización insegura de variables predeterminadas en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una pérdida de integridad a través del acceso local.
Summary
  • (es) La inicialización insegura de variables predeterminadas en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una pérdida de integridad a través del acceso local.

08 Apr 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-08 17:15

Updated : 2025-08-01 19:02

NVD link : CVE-2025-27443

Mitre link : CVE-2025-27443

CVE.ORG link : CVE-2025-27443

JSON object : View

Products Affected

zoom

CWE
CWE-1188

Initialization of a Resource with an Insecure Default