Command Injection Vulnerability in Zoom Clients for Windows by Zoom
CVE-2025-58132

4.1MEDIUM

Key Information:

Vendor: Zoom
Status: Zoom Clients For Windows
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-58132?

A command injection vulnerability exists in certain Zoom Clients for Windows, enabling authenticated users to disclose sensitive information via network access. This security flaw could potentially allow attackers to execute arbitrary commands and compromise the confidentiality of user data.

Affected Version(s)

Zoom Clients for Windows Windows see references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25038

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Aug 25, 2025

JSON