#VU116989 Improper authentication in Zoom Video Communications, Inc. products - CVE-2025-58133
Published: October 14, 2025
Vulnerability identifier: #VU116989
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-58133
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Rooms Client for Windows
Zoom Rooms Client for macOS
Zoom Rooms Client for Android
Zoom Rooms Client for iPad
Zoom Rooms Client for Windows
Zoom Rooms Client for macOS
Zoom Rooms Client for Android
Zoom Rooms Client for iPad
Software vendor:
Zoom Video Communications, Inc.
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain access to sensitive information.
Remediation
Install updates from vendor's website.