User Management Flaw in Zoom Workplace Apps Exposes Sensitive Information
CVE-2024-45425

6.5MEDIUM

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Workplace Apps
Vendor: CVE Published:; 25 February 2025

Summary

A vulnerability in Zoom Workplace Apps has been identified, where incorrect user management practices may permit privileged users to access sensitive information through unauthorized network access. This flaw highlights the need for stringent access controls and proper management of user permissions to safeguard confidential data against potential exploitation.

Affected Version(s)

Zoom Workplace Apps Windows See references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24037/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Aug 28, 2024