VDB

CVE-2025-64739

CVE-2025-64739 PUBLISHED CVSS 4.300000190734863 MEDIUM

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

EPSS 0.07% · 21.8th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.07%
21.8th percentile

Affected Products

VendorProductVersions
Zoom Communications Inc.Zoom Clientssee references
zoomworkplace_desktop0, 0, 0
zoomrooms0, 0, 0
zoomrooms_controller0, 0, 0
zoommeeting_software_development_kit0, 0, 0
zoomworkplace_virtual_desktop_infrastructure6.4.10, 0

Timeline

  • Nov 11, 2025 PoC Published
  • Nov 13, 2025 CVE Published
  • Nov 13, 2025 PoC Published
  • Nov 14, 2025 EPSS Score
  • Nov 14, 2025 CVE Updated
  • Nov 19, 2025 EPSS Score
  • Nov 24, 2025 EPSS Score
  • Nov 29, 2025 EPSS Score
  • Dec 4, 2025 EPSS Score
  • Dec 9, 2025 EPSS Score
  • Dec 14, 2025 EPSS Score
  • Dec 19, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›