MEDIUM 4.6
CVE-2025-27441
EN Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Vecteur d'attaque : Réseau adjacent
Aucun privilège requis
Voir le vecteur CVSS brut
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| zoom |
meeting_software_development_kit Android
|
Android | <6.3.0 | cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:* |
| zoom |
meeting_software_development_kit iOS
|
iOS | <6.3.10 | cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:* |
| zoom |
rooms Android
|
Android | <6.4.0 | cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:* |
| zoom |
rooms iOS
|
iOS | <6.4.0 | cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:* |
| zoom |
rooms_controller Android
|
Android | <6.4.0 | cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:* |
| zoom |
workplace Android
|
Android | <6.3.10 | cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:* |
| zoom |
workplace iOS
|
iOS | <6.3.10 | cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:* |