CVE-2025-62482 - Vulnerability Details - OpenCVE

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows
Zoom	Workplace Workplace App Zoom

No data.

No data.

References

Link	Providers
https://www.zoom.com/en/trust/security-bulletin/zsb-25046

History

Fri, 14 Nov 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Zoom Zoom workplace Zoom workplace App Zoom zoom
Vendors & Products		Microsoft Microsoft windows Zoom Zoom workplace Zoom workplace App Zoom zoom

Thu, 13 Nov 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.
Title		Zoom Workplace for Windows - Cross-site Scripting
Weaknesses		CWE-79
References		https://www.zoom.com/en/trust/security-bulletin/zsb-25046
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2025-11-13T14:56:25.642Z

Updated: 2025-11-13T15:38:29.563Z

Reserved: 2025-10-14T23:02:23.206Z

Link: CVE-2025-62482

Vulnrichment

Updated: 2025-11-13T15:33:31.856Z

NVD

Status : Awaiting Analysis

Published: 2025-11-13T15:15:51.697

Modified: 2025-11-14T16:42:03.187

Link: CVE-2025-62482

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62482", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2025-10-14T23:02:23.206Z", "datePublished": "2025-11-13T14:56:25.642Z", "dateUpdated": "2025-11-13T15:38:29.563Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Zoom Workplace", "vendor": "Zoom Communications Inc.", "versions": [{"lessThan": "6.5.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-11-11T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(247, 247, 248);\">Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.</span><br>"}], "value": "Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-11-13T14:56:25.642Z"}, "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25046"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoom Workplace for Windows - Cross-site Scripting", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-13T15:33:29.118715Z", "id": "CVE-2025-62482", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T15:38:29.563Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62482", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-13T15:33:29.118715Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T15:33:31.856Z"}}], "cna": {"title": "Zoom Workplace for Windows - Cross-site Scripting", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications Inc.", "product": "Zoom Workplace", "versions": [{"status": "affected", "version": "0", "lessThan": "6.5.10", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2025-11-11T13:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25046"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(247, 247, 248);\">Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-11-13T14:56:25.642Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62482", "state": "PUBLISHED", "dateUpdated": "2025-11-13T15:38:29.563Z", "dateReserved": "2025-10-14T23:02:23.206Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2025-11-13T14:56:25.642Z", "assignerShortName": "Zoom"}, "dataVersion": "5.2"}