Zoom Clients for Windows - Command Injection

Bulletin: ZSB-25038
CVEID: CVE-2025-58132
CVSS Severity: Medium
CVSS Score: 4.1
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Description:

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Windows before version 6.5.5
Zoom Workplace VDI Client for Windows before version 6.3.15 and 6.4.13 in their respective tracks.
Zoom Rooms for Windows before version 6.5.5
Zoom Meeting SDK for Windows before version 6.5.5

Source:

Reported by shmoul.

Revision	Date	Description
1.0	10/14/2025	Initial publication.