CVE-2025-27442

Q: What is the severity of CVE-2025-27442?

CVE-2025-27442 has a CVSS score of 4.6 (MEDIUM). This cross-site scripting (XSS) vulnerability in Zoom Workplace Apps allows an unauthenticated attacker on the same network to inject malicious scripts into web pages. The vulnerability enables integrity loss by manipulating content that other users see, potentially leading to session hijacking or credential theft. All users of affected Zoom Workplace Apps versions are potentially impacted.

4.6 MEDIUM

Cross-Site Scripting CSRF

📋 TL;DR

This cross-site scripting (XSS) vulnerability in Zoom Workplace Apps allows an unauthenticated attacker on the same network to inject malicious scripts into web pages. The vulnerability enables integrity loss by manipulating content that other users see, potentially leading to session hijacking or credential theft. All users of affected Zoom Workplace Apps versions are potentially impacted.

💻 Affected Systems

Products:

Zoom Workplace Apps

Versions: Specific versions not disclosed in public advisory

Operating Systems: All platforms running Zoom Workplace Apps

Default Config Vulnerable: ⚠️ Yes

Notes: Requires adjacent network access; vulnerability is in specific Zoom Workplace Apps components

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could steal session cookies or authentication tokens, leading to account takeover, data exfiltration, or further network compromise.

🟠

Likely Case

Attackers inject malicious scripts to redirect users to phishing sites, display fake login prompts, or perform actions on behalf of authenticated users.

🟢

If Mitigated

With proper network segmentation and web application firewalls, the impact is limited to isolated network segments with minimal data exposure.

🌐 Internet-Facing: LOW with brief explanation

🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires adjacent network access but no authentication; typical XSS exploitation techniques apply

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-25013 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25013

Restart Required: Yes

Instructions:

1. Access Zoom admin portal
2. Navigate to Updates section
3. Apply latest security updates for Zoom Workplace Apps
4. Restart affected applications/services

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Zoom Workplace Apps to separate VLANs to limit adjacent network access

Web Application Firewall Rules

all

Implement WAF rules to block common XSS payload patterns

🧯 If You Can't Patch

Implement strict Content Security Policy (CSP) headers for Zoom applications
Deploy network monitoring for XSS attack patterns and block malicious IPs

🔍 How to Verify

Check if Vulnerable:

Check Zoom Workplace Apps version against affected versions in ZSB-25013 advisory

Check Version:

Check within Zoom admin portal or application settings for version information

Verify Fix Applied:

Verify Zoom Workplace Apps version is updated to patched version listed in ZSB-25013

📡 Detection & Monitoring

Log Indicators:

Unusual script tags or JavaScript in Zoom application logs
Multiple failed XSS attempts from same source

Network Indicators:

HTTP requests containing suspicious script payloads to Zoom endpoints
Unusual traffic patterns to Zoom applications from internal sources

SIEM Query:

source="zoom_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")

📊 Metadata

CVE ID: CVE-2025-27442

CVSS v3 Score: 4.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE: CWE-352

EPSS Score: 0.04% exploit probability (10.9th percentile)

Published: April 8, 2025

Last Updated: October 28, 2025

🔗 References

https://www.zoom.com/en/trust/security-bulletin/zsb-25013 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Workplace by Zoom

Workplace by Zoom

Workplace Desktop by Zoom

Workplace Desktop by Zoom

Workplace Desktop by Zoom

Workplace Virtual Desktop Infrastructure by Zoom

Workplace Virtual Desktop Infrastructure by Zoom

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Web Application Firewall Rules

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities