cvelistv5 - cve-2025-30671

CVE-2025-30671 (GCVE-0-2025-30671)

Vulnerability from cvelistv5 – Published: 2025-04-08 16:21 – Updated: 2025-04-08 20:14

Summary

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Zoom

References

URL

Tags

https://www.zoom.com/en/trust/security-bulletin/z…

Impacted products

	Vendor	Product	Version
	Zoom Communications, Inc	Zoom Workplace Apps for Windows	Affected: See references. (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30671",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:13:46.501245Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T20:14:04.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Zoom Workplace Apps for Windows",
          "vendor": "Zoom Communications, Inc",
          "versions": [
            {
              "status": "affected",
              "version": "See references.",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
            }
          ],
          "value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T16:21:01.713Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Zoom Workplace Apps for Windows - Null Pointer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2025-30671",
    "datePublished": "2025-04-08T16:21:01.713Z",
    "dateReserved": "2025-03-24T22:35:25.476Z",
    "dateUpdated": "2025-04-08T20:14:04.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30671\",\"sourceIdentifier\":\"security@zoom.us\",\"published\":\"2025-04-08T17:15:38.607\",\"lastModified\":\"2025-08-01T19:11:04.940\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\"},{\"lang\":\"es\",\"value\":\"La desreferencia de puntero nulo en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zoom.us\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zoom.us\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"6.3.10\",\"matchCriteriaId\":\"B33EFD2F-1F24-402A-891E-4C11D40B150E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"6.4.0\",\"matchCriteriaId\":\"390D202B-A60A-411E-8A57-0AF1C2BB0497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"6.4.0\",\"matchCriteriaId\":\"A117F0E2-8079-41C5-B619-D9059A3120E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"6.3.10\",\"matchCriteriaId\":\"51A72376-A363-49F2-A68B-D03BD975BFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"6.1.16\",\"matchCriteriaId\":\"EBFBB899-04A6-4089-9BCD-A2DE4B748916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"6.1.17\",\"versionEndExcluding\":\"6.2.12\",\"matchCriteriaId\":\"BD8A3DE0-D5D5-4B66-B7B2-8567EAA834BB\"}]}]}],\"references\":[{\"url\":\"https://www.zoom.com/en/trust/security-bulletin/zsb-25015\",\"source\":\"security@zoom.us\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30671\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T20:13:46.501245Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T20:13:54.669Z\"}}], \"cna\": {\"title\": \"Zoom Workplace Apps for Windows - Null Pointer\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zoom Communications, Inc\", \"product\": \"Zoom Workplace Apps for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references.\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-04-08T12:00:00.000Z\", \"references\": [{\"url\": \"https://www.zoom.com/en/trust/security-bulletin/zsb-25015\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"99b9af0d-a833-4a5d-9e2f-8b1324f35351\", \"shortName\": \"Zoom\", \"dateUpdated\": \"2025-04-08T16:21:01.713Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30671\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T20:14:04.268Z\", \"dateReserved\": \"2025-03-24T22:35:25.476Z\", \"assignerOrgId\": \"99b9af0d-a833-4a5d-9e2f-8b1324f35351\", \"datePublished\": \"2025-04-08T16:21:01.713Z\", \"assignerShortName\": \"Zoom\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2025-19094

Vulnerability from cnvd - Published: 2025-08-20

Title

Zoom Workplace Apps for Windows空指针取消引用漏洞

Description

Zoom Workplace Apps for Windows是Zoom官方推出的协作工具套件，包含团队聊天、白板、笔记等核心功能，需通过Zoom Meetings账户使用。 Zoom Workplace Apps for Windows存在空指针取消引用漏洞，攻击者可利用该漏洞导致认证用户通过网络访问触发拒绝服务。

Severity

中

Patch Name

Zoom Workplace Apps for Windows空指针取消引用漏洞的补丁

Patch Description

Zoom Workplace Apps for Windows是Zoom官方推出的协作工具套件，包含团队聊天、白板、笔记等核心功能，需通过Zoom Meetings账户使用。 Zoom Workplace Apps for Windows存在空指针取消引用漏洞，攻击者可利用该漏洞导致认证用户通过网络访问触发拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.zoom.com/en/trust/security-bulletin/zsb-25015

Reference

https://www.zoom.com/en/trust/security-bulletin/zsb-25015 https://nvd.nist.gov/vuln/detail/CVE-2025-30671

Impacted products

Name
Zoom Workplace Apps for Windows

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-30671",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-30671"
    }
  },
  "description": "Zoom Workplace Apps for Windows\u662fZoom\u5b98\u65b9\u63a8\u51fa\u7684\u534f\u4f5c\u5de5\u5177\u5957\u4ef6\uff0c\u5305\u542b\u56e2\u961f\u804a\u5929\u3001\u767d\u677f\u3001\u7b14\u8bb0\u7b49\u6838\u5fc3\u529f\u80fd\uff0c\u9700\u901a\u8fc7Zoom Meetings\u8d26\u6237\u4f7f\u7528\u3002\n\nZoom Workplace Apps for Windows\u5b58\u5728\u7a7a\u6307\u9488\u53d6\u6d88\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8ba4\u8bc1\u7528\u6237\u901a\u8fc7\u7f51\u7edc\u8bbf\u95ee\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.zoom.com/en/trust/security-bulletin/zsb-25015",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-19094",
  "openTime": "2025-08-20",
  "patchDescription": "Zoom Workplace Apps for Windows\u662fZoom\u5b98\u65b9\u63a8\u51fa\u7684\u534f\u4f5c\u5de5\u5177\u5957\u4ef6\uff0c\u5305\u542b\u56e2\u961f\u804a\u5929\u3001\u767d\u677f\u3001\u7b14\u8bb0\u7b49\u6838\u5fc3\u529f\u80fd\uff0c\u9700\u901a\u8fc7Zoom Meetings\u8d26\u6237 \u4f7f\u7528\u3002\r\n\r\nZoom Workplace Apps for Windows\u5b58\u5728\u7a7a\u6307\u9488\u53d6\u6d88\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8ba4\u8bc1\u7528\u6237\u901a\u8fc7\u7f51\u7edc\u8bbf\u95ee\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Zoom Workplace Apps for Windows\u7a7a\u6307\u9488\u53d6\u6d88\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Zoom Workplace Apps for Windows"
  },
  "referenceLink": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-30671",
  "serverity": "\u4e2d",
  "submitTime": "2025-05-13",
  "title": "Zoom Workplace Apps for Windows\u7a7a\u6307\u9488\u53d6\u6d88\u5f15\u7528\u6f0f\u6d1e"
}

WID-SEC-W-2025-0735

Vulnerability from csaf_certbund - Published: 2025-04-07 22:00 - Updated: 2025-04-07 22:00

Summary

Zoom Video Communications Workplace und Rooms: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Zoom Workplace ist eine Plattform, die Videokonferenz-, Chat-, Telefon- und Collaboration-Tools integriert, um Remote- und Hybrid-Arbeitsumgebungen in Unternehmen zu unterstützen. Zoom Rooms ist ein softwarebasiertes Raumsystem, das integrierte Audiokonferenzen, drahtlose Bildschirmfreigabe und Videokonferenzen ermöglicht.

Angriff

Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Zoom Video Communications Workplace und Rooms ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, einen Denial-of-Service-Zustand zu verursachen und Daten zu manipulieren.

Betroffene Betriebssysteme

- Android - Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Zoom Workplace ist eine Plattform, die Videokonferenz-, Chat-, Telefon- und Collaboration-Tools integriert, um Remote- und Hybrid-Arbeitsumgebungen in Unternehmen zu unterst\u00fctzen.\r\nZoom Rooms ist ein softwarebasiertes Raumsystem, das integrierte Audiokonferenzen, drahtlose Bildschirmfreigabe und Videokonferenzen erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Zoom Video Communications Workplace und Rooms ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0735 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0735.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0735 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0735"
      },
      {
        "category": "external",
        "summary": "Zoom Security Bulletin vom 2025-04-07",
        "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25013/"
      },
      {
        "category": "external",
        "summary": "Zoom Security Bulletin vom 2025-04-07",
        "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25014/"
      },
      {
        "category": "external",
        "summary": "Zoom Security Bulletin vom 2025-04-07",
        "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25015/"
      }
    ],
    "source_lang": "en-US",
    "title": "Zoom Video Communications Workplace und Rooms: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-07T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-08T11:45:13.828+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0735",
      "initial_release_date": "2025-04-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Controller \u003c6.4.0",
                "product": {
                  "name": "Zoom Video Communications Rooms Controller \u003c6.4.0",
                  "product_id": "T042489"
                }
              },
              {
                "category": "product_version",
                "name": "Controller 6.4.0",
                "product": {
                  "name": "Zoom Video Communications Rooms Controller 6.4.0",
                  "product_id": "T042489-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:rooms:controller__6.4.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Client \u003c6.4.0",
                "product": {
                  "name": "Zoom Video Communications Rooms Client \u003c6.4.0",
                  "product_id": "T042490"
                }
              },
              {
                "category": "product_version",
                "name": "Client 6.4.0",
                "product": {
                  "name": "Zoom Video Communications Rooms Client 6.4.0",
                  "product_id": "T042490-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:rooms:client__6.4.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rooms"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Desktop \u003c6.3.10",
                "product": {
                  "name": "Zoom Video Communications Workplace Desktop \u003c6.3.10",
                  "product_id": "T042486"
                }
              },
              {
                "category": "product_version",
                "name": "Desktop 6.3.10",
                "product": {
                  "name": "Zoom Video Communications Workplace Desktop 6.3.10",
                  "product_id": "T042486-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:workplace:desktop__6.3.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.3.10",
                "product": {
                  "name": "Zoom Video Communications Workplace App \u003c6.3.10",
                  "product_id": "T042487"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.3.10",
                "product": {
                  "name": "Zoom Video Communications Workplace App 6.3.10",
                  "product_id": "T042487-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:workplace:app__6.3.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "VDI Client for Windows \u003c6.2.12",
                "product": {
                  "name": "Zoom Video Communications Workplace VDI Client for Windows \u003c6.2.12",
                  "product_id": "T042488"
                }
              },
              {
                "category": "product_version",
                "name": "VDI Client for Windows 6.2.12",
                "product": {
                  "name": "Zoom Video Communications Workplace VDI Client for Windows 6.2.12",
                  "product_id": "T042488-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:workplace:vdi_client_for_windows__6.2.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Workplace"
          }
        ],
        "category": "vendor",
        "name": "Zoom Video Communications"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-27441",
      "product_status": {
        "known_affected": [
          "T042486",
          "T042487",
          "T042488",
          "T042489",
          "T042490"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-27441"
    },
    {
      "cve": "CVE-2025-27442",
      "product_status": {
        "known_affected": [
          "T042486",
          "T042487",
          "T042488",
          "T042489",
          "T042490"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-27442"
    },
    {
      "cve": "CVE-2025-27443",
      "product_status": {
        "known_affected": [
          "T042486",
          "T042489",
          "T042490"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-27443"
    },
    {
      "cve": "CVE-2025-30670",
      "product_status": {
        "known_affected": [
          "T042486",
          "T042488",
          "T042489",
          "T042490"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-30670"
    },
    {
      "cve": "CVE-2025-30671",
      "product_status": {
        "known_affected": [
          "T042486",
          "T042488",
          "T042489",
          "T042490"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-30671"
    },
    {
      "cve": "CVE-2025-30672",
      "product_status": {
        "known_affected": [
          "T042486",
          "T042488",
          "T042489",
          "T042490"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-30672"
    }
  ]
}

GHSA-VG4C-J58P-8F66

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34

Details

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-30671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T17:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.",
  "id": "GHSA-vg4c-j58p-8f66",
  "modified": "2025-04-08T18:34:43Z",
  "published": "2025-04-08T18:34:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30671"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-30671

Vulnerability from fkie_nvd - Published: 2025-04-08 17:15 - Updated: 2025-08-01 19:11

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

References

	URL	Tags
	security@zoom.us	https://www.zoom.com/en/trust/security-bulletin/zsb-25015	Vendor Advisory

Impacted products

Vendor	Product	Version
zoom	meeting_software_development_kit	*
zoom	rooms	*
zoom	rooms_controller	*
zoom	workplace_desktop	*
zoom	workplace_virtual_desktop_infrastructure	*
zoom	workplace_virtual_desktop_infrastructure	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B33EFD2F-1F24-402A-891E-4C11D40B150E",
              "versionEndExcluding": "6.3.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
              "versionEndExcluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
              "versionEndExcluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "51A72376-A363-49F2-A68B-D03BD975BFF5",
              "versionEndExcluding": "6.3.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "EBFBB899-04A6-4089-9BCD-A2DE4B748916",
              "versionEndExcluding": "6.1.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD8A3DE0-D5D5-4B66-B7B2-8567EAA834BB",
              "versionEndExcluding": "6.2.12",
              "versionStartIncluding": "6.1.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
    },
    {
      "lang": "es",
      "value": "La desreferencia de puntero nulo en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
    }
  ],
  "id": "CVE-2025-30671",
  "lastModified": "2025-08-01T19:11:04.940",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security@zoom.us",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-08T17:15:38.607",
  "references": [
    {
      "source": "security@zoom.us",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
    }
  ],
  "sourceIdentifier": "security@zoom.us",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "security@zoom.us",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-30671 (GCVE-0-2025-30671)

CNVD-2025-19094

WID-SEC-W-2025-0735

GHSA-VG4C-J58P-8F66

FKIE_CVE-2025-30671

Tags

Sightings

Nomenclature