Improper authentication in certain Zoom Clients for macOS before version 6.4.5 may allow an unauthenticated user to conduct an impact to application integrity via network access.

CVE Database V5

Detailed information about CVE-2025-49464: CWE-287 Improper Authentication in Zoom Communications Inc. Zoom Clients for macOS affecting Zoom Communications Inc.

CVE-2025-49464: CWE-287 Improper Authentication in Zoom Communications Inc. Zoom Clients for macOS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49464: CWE-287 Improper Authentication in Zoom Communications Inc. Zoom Clients for macOS

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

Detailed information about CVE-2025-49463: CWE-691: Insufficient Control Flow Management in Zoom Communications Inc. Zoom Clients for iOS affecting Zoom Communi

CVE-2025-49463: CWE-691: Insufficient Control Flow Management in Zoom Communications Inc. Zoom Clients for iOS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49463: CWE-691: Insufficient Control Flow Management in Zoom Communications Inc. Zoom Clients for iOS

Cross-site scripting in certain Zoom Clients  before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Detailed information about CVE-2025-49462: CWE-352 Cross-Site Request Forgery (CSRF) in Zoom Communications Inc. Zoom Clients affecting Zoom Communications Inc.

CVE-2025-49462: CWE-352 Cross-Site Request Forgery (CSRF) in Zoom Communications Inc. Zoom Clients - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49462: CWE-352 Cross-Site Request Forgery (CSRF) in Zoom Communications Inc. Zoom Clients

Exploring Delegated Admin Risks in AWS Organizations

Source: https://cymulate.com/blog/aws-delegated-admin-org-takeover/

The security threat titled "Exploring Delegated Admin Risks in AWS Organizations" focuses on the potential risks associated with the delegated administrator roles within AWS Organizations. AWS Organizations is a service that allows centralized management of multiple AWS accounts, enabling consolidated billing, policy enforcement, and resource sharing. Delegated administrators are accounts or users granted specific administrative privileges over certain AWS services or organizational units, allowing them to perform management tasks without full root access. The risk arises when these delegated admin roles are improperly configured, overly permissive, or compromised, potentially enabling attackers to escalate privileges, manipulate organizational policies, or gain control over multiple linked AWS accounts. Such risks can lead to unauthorized access, data exfiltration, disruption of cloud resources, and lateral movement within the AWS environment. The threat is highlighted through a recent discussion on Reddit's NetSec community and a blog post on cymulate.com, emphasizing the importance of scrutinizing delegated admin roles to prevent organizational takeover scenarios. Although no known exploits are currently in the wild, the medium severity rating reflects the potential impact if such vulnerabilities are exploited. The minimal discussion level and limited technical details suggest this is an emerging concern requiring further attention and proactive mitigation.

Reddit NetSec

Detailed information about Exploring Delegated Admin Risks in AWS Organizations. Get real-time updates, technical details, and mitigation strategies.

Exploring Delegated Admin Risks in AWS Organizations - Live Threat Intelligence - Threat Radar | OffSeq.com

Exploring Delegated Admin Risks in AWS Organizations

Reddit Discussion: Exploring Delegated Admin Risks in AWS Organizations

A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of the file /LoginAsAdmin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7409: SQL Injection in code-projects Mobile Shop affecting code-projects Mobile Shop. Get real-time updates, technical detai

CVE-2025-7409: SQL Injection in code-projects Mobile Shop

CVE-2025-7409: SQL Injection in code-projects Mobile Shop

Description

Technical Details

Related Threats

CVE-2025-49464: CWE-287 Improper Authentication in Zoom Communications Inc. Zoom Clients for macOS

CVE-2025-49463: CWE-691: Insufficient Control Flow Management in Zoom Communications Inc. Zoom Clients for iOS

CVE-2025-49462: CWE-352 Cross-Site Request Forgery (CSRF) in Zoom Communications Inc. Zoom Clients

CVE-2025-46789: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Zoom Communications Inc. Zoom Clients for Windows

CVE-2025-46788: CWE-295 Improper Certificate Validation in Zoom Communications Inc. Zoom Workplace for Linux

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility