Improper Authentication in Zoom Video Communications, Inc. products - CVE-2025-49464
Published: July 8, 2025
Vulnerability identifier: #VU112523
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-49464
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace Desktop App for macOS
Zoom Rooms Client for macOS
Zoom Rooms Controller for macOS
Zoom Meeting SDK for macOS
Zoom Workplace Desktop App for macOS
Zoom Rooms Client for macOS
Zoom Rooms Controller for macOS
Zoom Meeting SDK for macOS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication in certain Zoom Clients for macOS. A remote attacker can impact application integrity.
How to mitigate CVE-2025-49464
Install updates from vendor's website.