Improper Certificate Validation in Zoom Clients Allowing Information Disclosure
CVE-2025-30669

4.8MEDIUM

Key Information:

Vendor: Zoom
Status: Zoom Workplace Clients
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-30669?

An improper certificate validation issue in certain Zoom Clients has been identified, allowing unauthenticated users to potentially disclose sensitive information via adjacent access. This vulnerability presents a risk as it could enable unauthorized disclosure of data, affecting the confidentiality of communications. Users are advised to ensure they are running the latest versions of the Zoom Client to mitigate this vulnerability.

Affected Version(s)

Zoom Workplace Clients Windows see references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25044

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Mar 24, 2025

JSON