#VU118252 Inefficient regular expression complexity in Zoom Video Communications, Inc. products - CVE-2025-62484
Published: November 11, 2025
Vulnerability identifier: #VU118252
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-62484
CWE-ID: CWE-1333
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Workplace App for iOS
Zoom Workplace App for Android
Zoom Meeting SDK for iOS
Zoom Meeting SDK for Android
Zoom Workplace App for iOS
Zoom Workplace App for Android
Zoom Meeting SDK for iOS
Zoom Meeting SDK for Android
Software vendor:
Zoom Video Communications, Inc.
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can trick the victim into clicking on a specially crafted URL and alter application's behavior, leading to a potential code execution.
Remediation
Install updates from vendor's website.