
CVE-2025-58135: CWE-837: Improper Enforcement of a Single, Unique Action in Zoom Communications, Inc Zoom Workplace Clients for Windows

Severity: Medium
Tags: Vulnerability, CVE-2025-58135, CWE-837
Published: Tue Sep 09 2025 (09/09/2025, 21:45:52 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications, Inc
Product: Zoom Workplace Clients for Windows

Description

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.

AI-Powered Analysis

Last updated: 09/17/2025, 00:55:18 UTC

Technical Analysis

CVE-2025-58135 is a medium severity vulnerability identified in Zoom Communications, Inc's Zoom Workplace Clients for Windows. The vulnerability is categorized under CWE-837, improper enforcement of a single, unique action. Specifically, the flaw lets an unauthenticated attacker abuse the client's inadequate action enforcement. The consequence is an information disclosure via network access: sensitive or confidential information could be exposed to unauthorized parties without any authentication being required. The CVSS v3.1 base score is 5.3, indicating a medium level of severity. The vector string (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network (AV:N) but requires high attack complexity (AC:H), no privileges (PR:N), and user interaction (UI:R). The scope remains unchanged (S:U), and the impact is high on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). No known exploits are currently reported in the wild, and no patches or mitigation links have been provided yet. The vulnerability was reserved in late August 2025 and published in early September 2025. It affects the Windows version of Zoom Workplace Clients, a collaboration and communication platform used by enterprises for workplace communication and coordination.

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized information disclosure through the Zoom Workplace client on Windows systems. Given the widespread use of Zoom products in corporate environments across Europe for remote work, meetings, and collaboration, sensitive corporate data, internal communications, or proprietary information could be exposed if exploited. The requirement for user interaction and high attack complexity somewhat limits the ease of exploitation; however, targeted phishing or social engineering campaigns could facilitate exploitation. The confidentiality impact is high, which could lead to data breaches, loss of competitive advantage, or regulatory non-compliance under GDPR if personal or sensitive data is leaked. Since the vulnerability does not affect integrity or availability, operational disruption is less likely, but the reputational and compliance consequences could be significant. Organizations relying heavily on Zoom Workplace for internal communications should consider this vulnerability seriously, especially those in regulated industries or handling sensitive information.

Mitigation Recommendations

Given the absence of an official patch or update at this time, European organizations should implement several practical mitigations:
1) Limit the use of Zoom Workplace Clients for Windows to trusted users and environments, reducing exposure.
2) Educate users about the risk of social engineering and phishing attacks that could trigger the required user interaction for exploitation.
3) Employ network segmentation and monitoring to detect unusual network activity related to Zoom client communications.
4) Use endpoint protection solutions capable of detecting anomalous behavior in Zoom client processes.
5) Consider temporarily restricting or disabling Zoom Workplace Client usage on Windows systems in high-risk environments until a patch is available.
6) Maintain up-to-date inventories of affected software versions and monitor vendor advisories for patches or updates.
7) Enforce strict access controls and data encryption to minimize the impact of any potential information disclosure.
8) Implement multi-factor authentication and strong user authentication policies to reduce the risk of unauthorized access through other vectors, complementing the defense against this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Zoom
Date Reserved: 2025-08-25T21:15:02.863Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c0a1239ed239a66bad10a5

Added to database: 9/9/2025, 9:50:27 PM

Last enriched: 9/17/2025, 12:55:18 AM

Last updated: 10/30/2025, 2:17:38 PM

Views: 26
