C
ross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
References
| Link | Resource |
|---|---|
| https://www.zoom.com/en/trust/security-bulletin/ZSB-25034 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Oct 2025, 17:45
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Zoom rooms
Zoom workplace Virtual Desktop Infrastructure Zoom workplace Zoom rooms Controller Zoom meeting Software Development Kit Zoom workplace Desktop Zoom |
|
| References | () https://www.zoom.com/en/trust/security-bulletin/ZSB-25034 - Vendor Advisory | |
| CPE | cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:* cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:* cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:* cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:* cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:* cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:* cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:* cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:* cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:* cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:* cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:* cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:* cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:* cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:* cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:* cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:* cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:* |
11 Sep 2025, 17:14
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-09 22:15
Updated : 2025-10-06 17:45
NVD link : CVE-2025-49461
Mitre link : CVE-2025-49461
CVE.ORG link : CVE-2025-49461
JSON object : View
Products Affected
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')