
CVE-2025-58135: CWE-837: Improper Enforcement of a Single, Unique Action in Zoom Communications, Inc Zoom Workplace Clients for Windows

Severity: Medium
Tags: Vulnerability, CVE-2025-58135, CWE-837
Published: Tue Sep 09 2025 (09/09/2025, 21:45:52 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications, Inc
Product: Zoom Workplace Clients for Windows

Description

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.

AI-Powered Analysis

Last updated: 09/09/2025, 22:06:33 UTC

Technical Analysis

CVE-2025-58135 is a vulnerability identified in Zoom Communications, Inc's Zoom Workplace Clients for Windows. The issue is categorized under CWE-837, which pertains to improper enforcement of a single, unique action. Specifically, this vulnerability allows an unauthenticated attacker to perform an information disclosure attack via network access. The flaw arises because the Zoom Workplace client fails to properly enforce restrictions on certain unique actions, potentially enabling unauthorized users to access sensitive information without authentication. The vulnerability has a CVSS v3.1 base score of 5.3, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) reveals that the attack can be conducted remotely over the network (AV:N) but requires high attack complexity (AC:H) and user interaction (UI:R). No privileges are required (PR:N), and the scope remains unchanged (S:U). The impact is primarily on confidentiality (C:H), with no impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The affected versions are listed as '0', which likely indicates all current versions or a placeholder pending further details. The vulnerability was reserved on August 25, 2025, and published on September 9, 2025.

Potential Impact

For European organizations, this vulnerability poses a risk of sensitive information disclosure through the widely used Zoom Workplace Clients on Windows platforms. Given Zoom's extensive adoption across various sectors including corporate, education, and government institutions in Europe, unauthorized disclosure could lead to exposure of confidential communications, internal documents, or user data. The medium severity score reflects that while exploitation requires user interaction and has high complexity, the confidentiality impact is high. This could undermine trust in remote collaboration tools, disrupt business operations, and potentially lead to regulatory compliance issues under GDPR if personal data is exposed. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Organizations relying heavily on Zoom for internal and external communications should be aware of potential information leakage risks, particularly in environments where sensitive or regulated data is handled.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Monitor Zoom's official security advisories closely for patches or updates addressing CVE-2025-58135 and apply them promptly once available.
2) Implement network-level controls such as restricting access to Zoom Workplace client services to trusted networks and users, reducing exposure to unauthenticated network access.
3) Educate users about the risks of interacting with unsolicited Zoom invitations or links, as user interaction is required for exploitation.
4) Employ endpoint security solutions capable of detecting anomalous behavior related to Zoom client processes.
5) Consider deploying application-layer firewalls or intrusion detection systems with signatures or heuristics for suspicious Zoom client activity.
6) Review and minimize the amount of sensitive information shared or accessible through Zoom Workplace clients until the vulnerability is remediated.
7) Conduct regular security assessments and penetration testing focusing on collaboration tools to identify potential exploitation paths.


Technical Details

Data Version
5.1
Assigner Short Name
Zoom
Date Reserved
2025-08-25T21:15:02.863Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68c0a1239ed239a66bad10a5

Added to database: 9/9/2025, 9:50:27 PM

Last enriched: 9/9/2025, 10:06:33 PM

Last updated: 9/10/2025, 4:07:21 AM
