CVE-2025-49462: Zoom Clients - Cross-site Scripting

Description

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Classification

CVE ID: CVE-2025-49462

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF)

Affected Products

Vendor: Zoom Communications Inc.

Product: Zoom Clients

References

https://nvd.nist.gov/vuln/detail/CVE-2025-49462
https://www.zoom.com/en/trust/security-bulletin/zsb-25025/

Timeline