CVE-2025-62484
Published: 13 November 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-62484 is a high-severity vulnerability stemming from inefficient regular expression complexity (CWE-1333) in certain Zoom Workplace Clients prior to version 6.5.10. The flaw lies in the client software: crafted network input can drive the client's regular expression engine into excessive computation, the condition commonly known as ReDoS (Regular Expression Denial of Service), which in this case is leveraged for privilege escalation rather than loss of availability.
An unauthenticated attacker (PR:N) with network access (AV:N) can exploit this vulnerability with low attack complexity (AC:L), though it requires user interaction (UI:R), such as a user clicking a malicious link or accepting a connection in a Zoom session. Successful exploitation leads to escalation of privilege, with high confidentiality (C:H) and integrity (I:H) impact, no availability impact (A:N) and unchanged scope (S:U), for a CVSS 3.1 base score of 8.1. The attacker could manipulate client privileges to access sensitive data or alter application behavior.
Zoom's security bulletin (ZSB-25048) advises updating affected Zoom Workplace Clients to version 6.5.10 or later as the primary mitigation, addressing the regex inefficiency to prevent exploitation.
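To make the CWE-1333 mechanism concrete, the following added example (written for this entry, not code from Zoom or from the bulletin; the page does not disclose the affected expression, so both patterns below are constructed stand-ins) contrasts a nested-quantifier pattern that backtracks exponentially on almost-matching input with an equivalent single-quantifier rewrite, and applies an input length cap before any matching runs, the two mitigations a reviewer would look for alongside the version update.

```python
import re
import time

# Constructed illustration of CWE-1333 (inefficient regular expression complexity).
# Neither pattern is Zoom's; the advisory does not publish the affected expression.

# Nested quantifiers: on input that almost matches, the engine tries every way of
# splitting the run of "a"s between the inner and outer "+", which is exponential.
VULNERABLE_PATTERN = re.compile(r"^(a+)+$")

# Same language (one or more "a"), single quantifier: one pass, no backtracking blow-up.
SAFE_PATTERN = re.compile(r"^a+$")

# Defensive cap enforced before any regex runs; the value depends on the field validated.
MAX_INPUT_LEN = 64


def vulnerable_match(text: str) -> bool:
    """Match with the backtracking-prone pattern (kept only for comparison)."""
    return VULNERABLE_PATTERN.fullmatch(text) is not None


def safe_match(text: str) -> bool:
    """Reject oversized input first, then match with the linear pattern."""
    if len(text) > MAX_INPUT_LEN:
        raise ValueError(f"input length {len(text)} exceeds cap of {MAX_INPUT_LEN}")
    return SAFE_PATTERN.fullmatch(text) is not None


def cap_rejects(text: str) -> bool:
    """True when the length cap stops the input before the regex engine sees it."""
    try:
        safe_match(text)
    except ValueError:
        return True
    return False


def worst_case_input(n: int) -> str:
    """n letters that almost match, then one character that forces the match to fail."""
    return "a" * n + "!"


def time_match(fn, text: str) -> float:
    """Wall-clock seconds for a single match attempt."""
    start = time.perf_counter()
    fn(text)
    return time.perf_counter() - start


def patterns_agree(n: int) -> bool:
    """Both patterns accept exactly the same strings, so the rewrite loses nothing."""
    samples = ["a" * n, worst_case_input(n), "", "b" * n]
    return all(vulnerable_match(s) == safe_match(s) for s in samples)


if __name__ == "__main__":
    # Runtime of the vulnerable pattern roughly doubles with each extra "a";
    # the safe pattern stays flat.
    for n in (10, 15, 20):
        bad = worst_case_input(n)
        print(f"n={n}: vulnerable {time_match(vulnerable_match, bad):.4f}s, "
              f"safe {time_match(safe_match, bad):.6f}s")
    print("cap rejects 500-char input:", cap_rejects(worst_case_input(500)))
```

The length cap is the cheaper control and protects even patterns nobody has audited yet; rewriting the expression removes the superlinear behaviour itself. When reviewing a regex exposed to network input, look for nested repetition (`(x+)+`, `(x*)*`) and overlapping alternatives inside a repeated group, and test the pattern against inputs that match almost to the end and then fail, as `worst_case_input` does.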
Details
- CWE(s): CWE-1333 (Inefficient Regular Expression Complexity)
Affected Products
- Zoom Workplace Clients prior to version 6.5.10
MITRE ATT&CK Enterprise Techniques
- T1203 Exploitation for Client Execution
- T1068 Exploitation for Privilege Escalation
Why these techniques?
The vulnerability is a client-side ReDoS flaw exploitable via crafted network input requiring user interaction, enabling client execution (T1203) and directly leading to privilege escalation (T1068).