Zoom Clients - External Control of File Name or Path

Bulletin: ZSB-25041
CVEID: CVE-2025-64739
CVSS Severity: Medium
CVSS Score: 4.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description:

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Windows before version 6.5.10
Zoom Workplace for macOS before version 6.5.10
Zoom Workplace for Linux before version 6.5.10
Zoom Workplace VDI Client for Windows before versions 6.3.14, 6.4.12 and 6.5.10 in their respective tracks
Zoom Meeting SDK for Windows before version 6.5.10
Zoom Meeting SDK for macOS before version 6.5.10
Zoom Meeting SDK for Linux before version 6.5.10

Source:

Reported by Zoom Engineering Security.

Revision	Date	Description
1.1	11/25/2025	Corrected Affected Products.
1.0	11/11/2025	Initial publication.

Zoom Workplace

Business Services

By industry

By audience

Enterprise

For Developer

For partners

🚀 NEW My notes, your AI note taker

Zoom Clients - External Control of File Name or Path

Zoom Clients - External Control of File Name or Path

Subscribe for updates