CVE-2025-49461: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Zoom Communications, Inc Zoom Workplace Clients
Severity: mediumType: vulnerabilityCVE-2025-49461
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-49461: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Zoom Communications, Inc Zoom Workplace Clients
Medium
Published: Tue Sep 09 2025 (09/09/2025, 21:42:05 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications, Inc
Product: Zoom Workplace Clients
Description
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Zoom
- Date Reserved
- 2025-06-04T22:48:18.920Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68c0a1239ed239a66bad10ab
Added to database: 9/9/2025, 9:50:27 PM
Last updated: 9/9/2025, 9:50:27 PM
Views: 1
Related Threats
CVE-2025-10171: Buffer Overflow in UTT 1250GW
HighVulnerabilityTue Sep 09 2025
CVE-2025-54260: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Modeler
HighVulnerabilityTue Sep 09 2025
CVE-2025-54259: Integer Overflow or Wraparound (CWE-190) in Adobe Substance3D - Modeler
HighVulnerabilityTue Sep 09 2025
CVE-2025-54258: Use After Free (CWE-416) in Adobe Substance3D - Modeler
HighVulnerabilityTue Sep 09 2025
CVE-2025-49460: CWE-400 Uncontrolled Resource Consumption in Zoom Communications, Inc Zoom Workplace Clients
MediumVulnerabilityTue Sep 09 2025
Actions
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.