MEDIUM 4.6
CVE-2025-27442
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Attack vector : Adjacent network
No privileges required
Show raw CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| zoom |
meeting_software_development_kit Android
|
Android | <6.3.0 | cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:* |
| zoom |
meeting_software_development_kit iOS
|
iOS | <6.3.10 | cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:* |
| zoom |
rooms Android
|
Android | <6.4.0 | cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:* |
| zoom |
rooms iOS
|
iOS | <6.4.0 | cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:* |
| zoom |
rooms_controller Android
|
Android | <6.4.0 | cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:* |
| zoom |
workplace Android
|
Android | <6.3.10 | cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:* |
| zoom |
workplace iOS
|
iOS | <6.3.10 | cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:* |