CVE-2025-30664

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

ross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25017	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::android::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::*
	cpe:2.3:a:zoom:rooms::::::android::*
	cpe:2.3:a:zoom:rooms::::::ipados::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:rooms_controller::::::android::*
	cpe:2.3:a:zoom:rooms_controller::::::linux::*
	cpe:2.3:a:zoom:rooms_controller::::::macos::*
	cpe:2.3:a:zoom:rooms_controller::::::windows::*
	cpe:2.3:a:zoom:workplace::::::android::*
	cpe:2.3:a:zoom:workplace::::::iphone_os::*
	cpe:2.3:a:zoom:workplace_desktop::::::linux::*
	cpe:2.3:a:zoom:workplace_desktop::::::macos::*
	cpe:2.3:a:zoom:workplace_desktop::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

History

06 Nov 2025, 15:39

Type	Values Removed	Values Added
CPE		cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::* cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::* cpe:2.3:a:zoom:workplace_desktop::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::macos::* cpe:2.3:a:zoom:workplace_desktop::::::linux::* cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::* cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::* cpe:2.3:a:zoom:rooms_controller::::::android::* cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::* cpe:2.3:a:zoom:rooms::::::windows::* cpe:2.3:a:zoom:workplace_desktop::::::windows::* cpe:2.3:a:zoom:meeting_software_development_kit::::::android::* cpe:2.3:a:zoom:rooms::::::ipados::* cpe:2.3:a:zoom:rooms::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::linux::* cpe:2.3:a:zoom:rooms_controller::::::windows::* cpe:2.3:a:zoom:rooms::::::android::* cpe:2.3:a:zoom:workplace::::::iphone_os::* cpe:2.3:a:zoom:workplace::::::android::*
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-25017 -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-25017 - Vendor Advisory
First Time		Zoom rooms Zoom workplace Virtual Desktop Infrastructure Zoom workplace Zoom rooms Controller Zoom meeting Software Development Kit Zoom workplace Desktop Zoom

02 Oct 2025, 21:16

Type	Values Removed	Values Added
Summary	~~(en) Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.~~	(en) Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CWE	~~CWE-74~~	CWE-79

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) La neutralización incorrecta de elementos especiales en algunas aplicaciones de Zoom Workplace puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local.

14 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 18:15

Updated : 2025-11-06 15:39

NVD link : CVE-2025-30664

Mitre link : CVE-2025-30664

CVE.ORG link : CVE-2025-30664

JSON object : View

Products Affected

zoom

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.6 /10