CVE-2025-62482: Unauthenticated XSS Threat in Zoom Workplace for Windows – Upgrade Now!

Overview

CVE-2025-62482 is a medium-severity cross-site scripting (XSS) vulnerability in Zoom Workplace for Windows; versions before 6.5.10 are affected. According to Zoom's advisory, an unauthenticated attacker with network access could exploit it to inject script into the client, with the rated effect being a limited loss of integrity rather than disclosure of data or denial of service.

Technical Details

The public advisory classifies the issue as cross-site scripting, which means attacker-controlled input reaches a web-rendered surface inside the Windows client without adequate encoding, and script supplied by the attacker then runs in the context of that surface. The advisory does not identify the affected component or the input path, so the picture is limited to what it states: no account or prior privilege is needed, the attacker only needs network access, and the consequence is injection of script rather than native code execution in the Zoom process. That distinction matters for triage: the script is confined to the rendering context and its privileges, which is consistent with the vendor rating the impact as a limited loss of integrity with no confidentiality or availability impact.

CVSS Analysis

  • CVSS Score: 4.3 (Medium)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • Explanation: The attack is reachable over the network (AV:N), with low complexity (AC:L) and no privileges required (PR:N). User interaction is required (UI:R), as is usual for XSS: a victim has to load the content that carries the injected script. Scope is unchanged (S:U). Confidentiality and availability are rated unaffected (C:N, A:N); the only rated impact is a limited loss of integrity (I:L). A vector with UI:N and otherwise identical metrics would compute to 5.3 under the CVSS v3.1 formula, so 4.3 only fits UI:R; recompute any vector and score pair before copying it into a risk register.
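The recomputation is quick to automate. The following PowerShell function is an added example, not part of the Zoom advisory or any Zoom tooling: it parses a CVSS v3.1 vector string and evaluates the base score using the formulas and Roundup function from the FIRST specification, so the two vectors at the bottom (the page's metrics with UI:N, then with UI:R) can be checked against the published 4.3.

```powershell
# Added example, not part of the Zoom advisory: CVSS v3.1 base score computed from a
# vector string using the formulas and Roundup function from the FIRST specification.
function Get-Cvss31BaseScore {
    param([Parameter(Mandatory)][string]$Vector)

    # Parse "CVSS:3.1/AV:N/AC:L/..." into a metric -> value table
    $metrics = @{}
    foreach ($part in (($Vector -replace '^CVSS:3\.[01]/', '') -split '/')) {
        $name, $value = $part -split ':', 2
        $metrics[$name] = $value
    }
    foreach ($required in 'AV', 'AC', 'PR', 'UI', 'S', 'C', 'I', 'A') {
        if (-not $metrics.ContainsKey($required)) { throw "Vector is missing metric $required" }
    }

    # Look up a metric weight, refusing unknown values instead of silently using 0
    function Weight([hashtable]$Table, [string]$Metric) {
        $value = $metrics[$Metric]
        if (-not $Table.ContainsKey($value)) { throw "Unsupported value '$value' for $Metric" }
        return $Table[$value]
    }

    # Roundup as defined in CVSS v3.1 Appendix A; integer arithmetic avoids float artefacts
    function RoundUp([double]$x) {
        $intInput = [math]::Round($x * 100000)
        if ($intInput % 10000 -eq 0) { return $intInput / 100000.0 }
        return ([math]::Floor($intInput / 10000) + 1) / 10.0
    }

    $scopeChanged = ($metrics['S'] -eq 'C')
    $av = Weight @{ N = 0.85; A = 0.62; L = 0.55; P = 0.20 } 'AV'
    $ac = Weight @{ L = 0.77; H = 0.44 } 'AC'
    $ui = Weight @{ N = 0.85; R = 0.62 } 'UI'
    # Privileges Required weights differ when the scope changes
    $pr = if ($scopeChanged) { Weight @{ N = 0.85; L = 0.68; H = 0.50 } 'PR' } else { Weight @{ N = 0.85; L = 0.62; H = 0.27 } 'PR' }
    $cia = @{ H = 0.56; L = 0.22; N = 0.0 }
    $c = Weight $cia 'C'; $i = Weight $cia 'I'; $a = Weight $cia 'A'

    $iss = 1 - ((1 - $c) * (1 - $i) * (1 - $a))
    $impact = if ($scopeChanged) { 7.52 * ($iss - 0.029) - 3.25 * [math]::Pow($iss - 0.02, 15) } else { 6.42 * $iss }
    $exploitability = 8.22 * $av * $ac * $pr * $ui

    if ($impact -le 0) { return 0.0 }
    $raw = if ($scopeChanged) { 1.08 * ($impact + $exploitability) } else { $impact + $exploitability }
    return RoundUp ([math]::Min($raw, 10.0))
}

# The page's metrics with UI:N, then the same vector with UI:R
Get-Cvss31BaseScore 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'
Get-Cvss31BaseScore 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'
```

Working through the unchanged-scope branch by hand: with C:N/I:L/A:N the impact sub-score is 1 - (1)(0.78)(1) = 0.22, so Impact = 6.42 x 0.22 = 1.4124; Exploitability with UI:N is 8.22 x 0.85 x 0.77 x 0.85 x 0.85 = 3.887, which rounds up to 5.3, while UI:R replaces the last 0.85 with 0.62 and gives 2.835, rounding up to 4.3. The function refuses unknown metric values rather than multiplying by nothing, which is the failure mode a quick-and-dirty calculator tends to have.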

Possible Impact

Successful exploitation of CVE-2025-62482 could have the following impacts:

  • Data manipulation: injected script could alter what the Zoom client renders, which is the integrity loss the vendor rates (I:L).
  • Phishing: the script could present a fake sign-in prompt or other lure inside the client. The vendor rates confidentiality as unaffected (C:N), so any credential theft depends on the user acting on the injected content rather than on the flaw itself leaking data.
  • Client-side redirection: the script could navigate the rendering surface to an attacker-controlled site.
  • Chaining: on its own the XSS does not yield code execution on the host. A more serious outcome would require combining it with a separate flaw in the client or its rendering engine, and no such chain is described in the advisory.

Mitigation or Patch Steps

The fix is to update Zoom Workplace for Windows to version 6.5.10 or later, which Zoom has released for this issue. In a managed environment, push the updated installer through your software-deployment tooling rather than relying on each user to click through, and remember that per-user installs exist once per Windows profile. To update an individual workstation from the client:

  1. Open the Zoom application.
  2. Click on your profile picture.
  3. Select “Check for Updates.”
  4. Follow the on-screen instructions to install the latest version.
  5. Restart Zoom after the update completes and confirm that the installed version is 6.5.10 or later.
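For more than a handful of machines, the useful check is whether any copy of the client on a host is still below 6.5.10. The script below is an added example and not Zoom's tooling; it assumes the usual install locations (per-machine under Program Files\Zoom\bin, per-user under each profile's AppData\Roaming\Zoom\bin) and reads the version from Zoom.exe on disk, so it covers every Windows profile on the host rather than only the account running it. Adjust the paths if your deployment differs.

```powershell
# Added example, not Zoom's tooling: report every Zoom Workplace client found on this
# Windows host and whether it is below the fixed version 6.5.10.
# Assumed install locations (adjust for your fleet): per-machine installs under
# Program Files\Zoom\bin, per-user installs under each profile's AppData\Roaming\Zoom\bin.
function Get-ZoomClientStatus {
    param([version]$FixedVersion = [version]'6.5.10')

    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $candidates = @(foreach ($root in $roots) { Join-Path $root 'Zoom\bin\Zoom.exe' })

    # Per-user installs exist once per profile, not only for the account running this script
    $profiles = Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue
    $candidates += @(foreach ($p in $profiles) { Join-Path $p.FullName 'AppData\Roaming\Zoom\bin\Zoom.exe' })

    foreach ($path in $candidates) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $info = (Get-Item -LiteralPath $path).VersionInfo

        # Version strings may carry build numbers or other text after major.minor.patch,
        # so extract the leading triplet instead of casting the raw string to [version]
        $match = [regex]::Match("$($info.ProductVersion) $($info.FileVersion)", '\d+\.\d+\.\d+')
        if (-not $match.Success) { Write-Warning "Could not parse a version for $path"; continue }
        $installed = [version]$match.Value

        [pscustomobject]@{
            Path       = $path
            Installed  = $installed
            Vulnerable = ($installed -lt $FixedVersion)   # affected: any version before 6.5.10
        }
    }
}

Get-ZoomClientStatus | Format-Table -AutoSize
```

Run it under an account that can read every profile directory (a local administrator, or your RMM agent), otherwise per-user installs in other profiles are silently skipped. The comparison uses the [version] type rather than string comparison so that 6.5.9 is correctly reported as older than 6.5.10.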
