LOW 3.5 Published on 2025-07-10

CVE-2025-49462

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected tracked apps

Zoom

us.zoom.videomeetings

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom	Android	<6.4.5	cpe:2.3:a:zoom:zoom::::::android::*
zoom	zoom	iOS	<6.4.5	cpe:2.3:a:zoom:zoom::::::iphone_os::*

View on NVD ↗