CVE-2025-49462: CWE-352 Cross-Site Request Forgery (CSRF) in Zoom Communications Inc. Zoom Clients
Severity: low
Type: vulnerability
CVE: CVE-2025-49462
Published: Thu Jul 10 2025 (07/10/2025, 16:24:14 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications Inc.
Product: Zoom Clients
Description
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Zoom
- Date Reserved: 2025-06-04T22:48:18.921Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 686fee50a83201eaaca8ca90
Added to database: 7/10/2025, 4:46:08 PM
Last updated: 7/10/2025, 4:46:08 PM
Related Threats
- CVE-2025-7409: SQL Injection in code-projects Mobile Shop (Medium, Vulnerability, Thu Jul 10 2025)
- CVE-2025-49464: CWE-287 Improper Authentication in Zoom Communications Inc. Zoom Clients for macOS (Medium, Vulnerability, Thu Jul 10 2025)
- CVE-2025-49463: CWE-691: Insufficient Control Flow Management in Zoom Communications Inc. Zoom Clients for iOS (Medium, Vulnerability, Thu Jul 10 2025)
- CVE-2025-46789: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Zoom Communications Inc. Zoom Clients for Windows (Medium, Vulnerability, Thu Jul 10 2025)
- CVE-2025-46788: CWE-295 Improper Certificate Validation in Zoom Communications Inc. Zoom Workplace for Linux (High, Vulnerability, Thu Jul 10 2025)