CVE-2025-62482 is a cross-site scripting (XSS) vulnerability classified under CWE-79, found in Zoom Communications Inc.'s Zoom Workplace application for Windows versions before 6.5.10. This vulnerability arises from improper neutralization of input during web page generation, allowing an unauthenticated attacker to inject malicious scripts that can be executed in the context of the victim's browser. The attack vector is network-based, meaning an attacker can send crafted input over the network to the vulnerable Zoom Workplace client. However, exploitation requires user interaction, such as clicking a malicious link or opening a crafted message, to trigger the XSS payload. The vulnerability impacts the integrity of data by potentially allowing script injection that could manipulate displayed content or perform unauthorized actions on behalf of the user. Confidentiality and availability are not directly impacted. The CVSS v3.1 score is 4.3 (medium severity), reflecting the low complexity of attack but the requirement for user interaction and the limited scope of impact. No known exploits have been reported in the wild as of the publication date. The vulnerability was reserved on October 14, 2025, and published on November 13, 2025. Zoom Workplace is a collaboration and communication platform widely used in enterprise environments, making this vulnerability relevant for organizations relying on it for internal communications.

For European organizations, this vulnerability poses a moderate risk primarily to data integrity within the Zoom Workplace environment. An attacker exploiting this XSS flaw could manipulate the content displayed to users, potentially leading to misinformation, phishing attempts, or unauthorized actions performed under the guise of legitimate users. While confidentiality and availability are not directly compromised, the integrity impact could facilitate further social engineering or lateral attacks. Organizations with extensive remote workforces using Zoom Workplace on Windows are particularly vulnerable. The medium severity indicates that while the threat is not critical, it can still disrupt trust and operational workflows if exploited. Additionally, the lack of known exploits in the wild suggests a window of opportunity for proactive mitigation before widespread attacks occur.

1. Immediately update Zoom Workplace for Windows to version 6.5.10 or later, where this vulnerability is patched. 2. Implement strict input validation and sanitization on any user-generated content or inputs processed by Zoom Workplace components, if customization or integration is used. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the Zoom Workplace web context. 4. Educate users about the risks of clicking unknown links or opening suspicious messages within Zoom Workplace to reduce the likelihood of user interaction exploitation. 5. Monitor network traffic and application logs for unusual or suspicious activity related to Zoom Workplace web components. 6. Coordinate with IT and security teams to ensure Zoom Workplace deployments are regularly updated and security configurations are enforced. 7. Consider network segmentation or application whitelisting to limit exposure of Zoom Workplace clients to untrusted networks.