Cross-Site Scripting Vulnerability in Zoom Workplace Clients
CVE-2025-49461

4.3MEDIUM

Key Information:

Vendor

Zoom Communications, Inc

Status
Zoom Workplace Clients
Vendor
CVE Published:
9 September 2025

What is CVE-2025-49461?

A cross-site scripting vulnerability has been identified in certain versions of Zoom Workplace Clients. This flaw could potentially allow unauthenticated users to exploit network access, creating a means for denial of service attacks. Organizations using affected versions should consider evaluating their security measures and apply necessary updates promptly to mitigate risk.

Affected Version(s)

Zoom Workplace Clients Windows 0

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-25034

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49461 : Cross-Site Scripting Vulnerability in Zoom Workplace Clients