Inefficient regular expression complexity in Zoom Video Communications, Inc. products - CVE-2025-62484
Published: November 11, 2025
Vulnerability identifier: #VU118252
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-62484
CWE-ID: CWE-1333
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace App for iOS
Zoom Workplace App for Android
Zoom Meeting SDK for iOS
Zoom Meeting SDK for Android
Zoom Workplace App for iOS
Zoom Workplace App for Android
Zoom Meeting SDK for iOS
Zoom Meeting SDK for Android
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can trick the victim into clicking on a specially crafted URL and alter application's behavior, leading to a potential code execution.
How to mitigate CVE-2025-62484
Install updates from vendor's website.