5.5
CVE-2025-27443
- EPSS 0.14%
- Veröffentlicht 08.04.2025 16:16:38
- Zuletzt bearbeitet 01.08.2025 19:02:03
- Quelle security@zoom.us
- CVE-Watchlists
- Unerledigt
Zoom Workplace Apps for Windows - Insecure Default Variable Initialization
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zoom ≫ Meeting Software Development Kit SwPlatformwindows Version < 6.3.10
Zoom ≫ Rooms Controller SwPlatformwindows Version < 6.4.0
Zoom ≫ Workplace Desktop SwPlatformwindows Version < 6.3.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.033 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| security@zoom.us | 2.8 | 1.3 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
https://www.zoom.com/en/trust/security-bulletin/zsb-25014