#VU112523 Improper Authentication in Zoom Video Communications, Inc. products - CVE-2025-49464
Published: July 8, 2025
Vulnerability identifier: #VU112523
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-49464
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Workplace Desktop App for macOS
Zoom Rooms Client for macOS
Zoom Rooms Controller for macOS
Zoom Meeting SDK for macOS
Zoom Workplace Desktop App for macOS
Zoom Rooms Client for macOS
Zoom Rooms Controller for macOS
Zoom Meeting SDK for macOS
Software vendor:
Zoom Video Communications, Inc.
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication in certain Zoom Clients for macOS. A remote attacker can impact application integrity.
Remediation
Install updates from vendor's website.