{"api_version":"1","generated_at":"2026-05-30T08:44:07+00:00","cve":"CVE-2025-27441","urls":{"html":"https://cve.report/CVE-2025-27441","api":"https://cve.report/api/cve/CVE-2025-27441.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-27441","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-27441"},"summary":{"title":"Zoom Workplace Apps - Cross Site Scripting","description":"Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.","state":"PUBLISHED","assigner":"Zoom","published_at":"2025-04-08 17:15:37","updated_at":"2026-05-15 19:16:56"},"problem_types":["CWE-79","CWE-79 CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.2","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"security@zoom.us","type":"Secondary","score":"4.6","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.6","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-25013","name":"https://www.zoom.com/en/trust/security-bulletin/zsb-25013","refsource":"security@zoom.us","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-27441","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27441","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Zoom Communications, Inc","product":"Zoom Workplace Apps","version":"affected See references. custom","platforms":["Windows","MacOS","Linux","iOS","Android"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"meeting_software_development_kit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"meeting_software_development_kit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"meeting_software_development_kit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"linux","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"meeting_software_development_kit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"meeting_software_development_kit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"ipados","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"linux","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"rooms_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"workplace","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"workplace","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"workplace_desktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"linux","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"workplace_desktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"workplace_desktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"27441","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zoom","cpe5":"workplace_virtual_desktop_infrastructure","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-27441","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-04-08T20:34:25.678905Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-04-08T20:34:37.035Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux","iOS","Android"],"product":"Zoom Workplace Apps","vendor":"Zoom Communications, Inc","versions":[{"status":"affected","version":"See references.","versionType":"custom"}]}],"datePublic":"2025-04-08T12:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access."}],"value":"Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-15T18:15:16.837Z","orgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","shortName":"Zoom"},"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-25013"}],"source":{"discovery":"UNKNOWN"},"title":"Zoom Workplace Apps - Cross Site Scripting","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","assignerShortName":"Zoom","cveId":"CVE-2025-27441","datePublished":"2025-04-08T16:14:40.782Z","dateReserved":"2025-02-25T18:35:04.401Z","dateUpdated":"2026-05-15T18:15:16.837Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-04-08 17:15:37","lastModifiedDate":"2026-05-15 19:16:56","problem_types":["CWE-79","CWE-79 CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.7}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*","versionEndExcluding":"6.3.0","matchCriteriaId":"9191AC13-CDC6-48BF-8B62-9CA5F72A2706"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*","versionEndExcluding":"6.3.0","matchCriteriaId":"7378AF1D-B12A-476A-9527-4D262D80BA7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*","versionEndExcluding":"6.3.0","matchCriteriaId":"2488A629-30E3-4CE9-B1F3-48F5203D9102"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"0A42092A-82FA-47E3-A6CA-ADA8E9866D35"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"B33EFD2F-1F24-402A-891E-4C11D40B150E"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"F654DF44-2DB2-4E97-AEEC-CCC8E92AFE70"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"126DBD94-CB68-4D41-8A85-AF3C9BE8C9DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"F41F961A-2FC2-47B6-BC6C-706DE37F2B95"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"390D202B-A60A-411E-8A57-0AF1C2BB0497"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"D3E40A28-D25D-4C71-B3A9-0FCAA094BC35"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"3D4B9352-3583-4B7E-972F-F3C617AE6166"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"412247BC-50D3-41B1-B85E-58E14824F5E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.4.0","matchCriteriaId":"A117F0E2-8079-41C5-B619-D9059A3120E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"D4CDC6A9-B012-4B41-86A5-CF1E21C9E7BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"F637252E-4090-4CB6-B2DE-70164267B24A"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"2D0DDAEF-261E-4102-9FE3-B9C87A79DEC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"B94C3499-1C6E-4319-9407-98329296DE84"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.3.10","matchCriteriaId":"51A72376-A363-49F2-A68B-D03BD975BFF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.1.16","matchCriteriaId":"EBFBB899-04A6-4089-9BCD-A2DE4B748916"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*","versionStartIncluding":"6.1.17","versionEndExcluding":"6.2.12","matchCriteriaId":"BD8A3DE0-D5D5-4B66-B7B2-8567EAA834BB"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"27441","Ordinal":"1","Title":"Zoom Workplace Apps - Cross Site Scripting","CVE":"CVE-2025-27441","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"27441","Ordinal":"1","NoteData":"Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.","Type":"Description","Title":"Zoom Workplace Apps - Cross Site Scripting"}]}}}