Insufficient Control Flow Management in Zoom Video Communications, Inc. products - CVE-2025-49463
Published: July 8, 2025
Vulnerability identifier: #VU112514
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-49463
CWE-ID: CWE-691
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace App for iOS
Zoom Rooms Client for iPad
Zoom Meeting SDK for iOS
Zoom Workplace App for iOS
Zoom Rooms Client for iPad
Zoom Meeting SDK for iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient control flow management. A remote attacker can gain access to sensitive information.
How to mitigate CVE-2025-49463
Install updates from vendor's website.