CVE-2025-58133
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-21
Assigner: Zoom Video Communications, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zoom | rooms | to 6.5.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58133 is an authentication bypass vulnerability in Zoom Rooms Clients on multiple platforms (Windows, macOS, Android, iOS, and iPad) before version 6.5.1. It allows an unauthenticated attacker to gain network access and potentially disclose sensitive information without proper authentication. The attack requires user interaction and has a medium severity score of 5.3. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an unauthenticated attacker to access the network and disclose sensitive information from Zoom Rooms Clients. Although it does not affect data integrity or availability, the confidentiality of information can be compromised, potentially leading to information leakage. [1]
What immediate steps should I take to mitigate this vulnerability?
Users should update all Zoom Rooms Clients to version 6.5.1 or later to mitigate the authentication bypass vulnerability. [1]