CVE-2025-27440

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27440
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

8.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25011/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
History

22 Oct 2025, 19:25

Type Values Removed Values Added
First Time Zoom meeting Software Development Kit
Zoom rooms Controller
Zoom rooms
Zoom workplace Desktop
Zoom workplace Virtual Desktop Infrastructure
Zoom
Zoom workplace
References () https://www.zoom.com/en/trust/security-bulletin/zsb-25011/ - () https://www.zoom.com/en/trust/security-bulletin/zsb-25011/ - Vendor Advisory
CPE cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
Summary
  • (es) El desbordamiento de pila en algunas aplicaciones de Zoom Workplace puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.

11 Mar 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 18:15

Updated : 2025-10-22 19:25

NVD link : CVE-2025-27440

Mitre link : CVE-2025-27440

CVE.ORG link : CVE-2025-27440

JSON object : View

Products Affected

zoom

  • workplace_virtual_desktop_infrastructure
  • workplace_desktop
  • workplace
  • meeting_software_development_kit
  • rooms
  • rooms_controller
CWE
CWE-124

Buffer Underwrite ('Buffer Underflow')