Inefficient regular expression complexity in Zoom Workplace clients
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-62484 |
| CWE-ID | CWE-1333 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Zoom Workplace App for iOS Mobile applications / Apps for mobile phones Zoom Workplace App for Android Mobile applications / Apps for mobile phones Zoom Meeting SDK for iOS Universal components / Libraries / Software for developers Zoom Meeting SDK for Android Universal components / Libraries / Software for developers |
| Vendor | Zoom Video Communications, Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Inefficient regular expression complexity
EUVDB-ID: #VU118252
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-62484
CWE-ID:
CWE-1333 - Inefficient Regular Expression Complexity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can trick the victim into clicking on a specially crafted URL and alter application's behavior, leading to a potential code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZoom Workplace App for iOS: 4.6.10 20012.0407 - 6.5.9 27162
Zoom Workplace App for Android: 4.6.11 20553.0413 - 6.5.9 32399
Zoom Meeting SDK for iOS: 5.9.0 - 6.5.5
Zoom Meeting SDK for Android: 5.9.0 - 6.5.6
CPE2.3- cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:4.6.10:20012.0407:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:4.6.11:20559.0413:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:4.6.12:20589.0419:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_android:4.6.11:20553.0413:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_android:4.6.20000.0407:*:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.1:23478.0429:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_meeting_sdk_for_ios:5.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_meeting_sdk_for_ios:5.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_meeting_sdk_for_ios:5.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_meeting_sdk_for_android:5.9.0:*:*:*:*:*:*:*
https://www.zoom.com/en/trust/security-bulletin/ZSB-25048/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
