Main Vulnerability Database Vulnerabilities #VU114992

Improper authorization in Zoom Video Communications, Inc. products - CVE-2025-58134

Published: September 9, 2025

Vulnerability identifier: #VU114992

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-58134

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zoom Video Communications, Inc.

Affected software:
Zoom Workplace Desktop App for Windows
Zoom Rooms Controller for Windows
Zoom Rooms Client for Windows
Virtual Desktop Infrastructure (VDI)
Zoom Meeting SDK for Windows

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect authorization checks. A remote attacker can trick the victim into performing certain actions and manipulate application's data.

How to mitigate CVE-2025-58134

Install updates from vendor's website.

Sources

https://www.zoom.com/en/trust/security-bulletin/ZSB-25035/

Improper authorization in Zoom Video Communications, Inc. products - CVE-2025-58134

Detailed vulnerability description

How to mitigate CVE-2025-58134

Sources

Please verify you're human