CVE-2025-49463

6.5 MEDIUM

📋 TL;DR

An information disclosure vulnerability in Zoom iOS clients allows unauthenticated attackers to access sensitive information via network access. This affects Zoom iOS app users running versions before 6.4.5. The vulnerability stems from insufficient control flow management.

💻 Affected Systems

Products:
  • Zoom Client for iOS
Versions: All versions before 6.4.5
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iOS Zoom clients; other platforms are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could access sensitive meeting information, user data, or authentication tokens from vulnerable devices on the same network.

🟠 Likely Case: Information leakage of meeting details, participant lists, or limited user metadata to network-adjacent attackers.

🟢 If Mitigated: Minimal impact with proper network segmentation and updated clients.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires network access to the vulnerable device; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.5

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25026/

Restart Required: Yes

Instructions:

1. Open the App Store on your iOS device.
2. Search for 'Zoom'.
3. Tap 'Update' next to the Zoom app.
4. Wait for the update to complete.
5. Restart the Zoom app.

🔧 Temporary Workarounds

Network Segmentation (scope: all platforms)
  • Isolate iOS devices using Zoom from untrusted networks

Disable Zoom on Untrusted Networks (scope: iOS)
  • Prevent the Zoom iOS app from running on public or untrusted Wi-Fi networks

🧯 If You Can't Patch

  • Restrict Zoom iOS app usage to trusted, segmented networks only
  • Implement network monitoring for unusual data exfiltration patterns from iOS devices

🔍 How to Verify

Check if Vulnerable:

Check the Zoom app version in iOS Settings > Zoom > Version. If the version is below 6.4.5, the device is vulnerable.

Check Version:

Not applicable for iOS (no command-line check); check via the Settings app.

Verify Fix Applied:

Confirm Zoom app version shows 6.4.5 or higher in iOS Settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections from iOS devices running Zoom
  • Multiple failed authentication attempts followed by successful data access

Network Indicators:

  • Unexpected data flows from iOS devices on port 8801 (Zoom default)
  • Unusual outbound traffic patterns from iOS devices during Zoom sessions

SIEM Query:

source="ios_device" AND app="zoom" AND (event="network_access" OR event="data_transfer") AND version<"6.4.5"
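Both the manual version check above and the SIEM filter compare version strings, and a lexicographic comparison such as version<"6.4.5" misorders multi-digit components (it flags 6.4.10 and 6.10.0 as below 6.4.5). The following is an added example, not part of the advisory, that triages a constructed MDM app-inventory export with a numeric comparison against the 6.4.5 fix; the CSV layout and the bundle identifier us.zoom.videomeetings are assumptions about the inventory format.

```python
"""Triage MDM inventory for CVE-2025-49463 (Zoom for iOS below 6.4.5).

Added example. Assumes an MDM CSV export with columns
device_id,bundle_id,version; the bundle id below is an assumed value.
"""
import csv
import io
import re

FIXED_VERSION = (6, 4, 5)
ZOOM_IOS_BUNDLE = "us.zoom.videomeetings"  # assumed Zoom iOS bundle id

# Constructed sample export. The 6.4.10 and 6.10.0 rows are the cases a
# lexicographic filter such as version<"6.4.5" misclassifies as vulnerable.
SAMPLE_INVENTORY = """device_id,bundle_id,version
ipad-0001,us.zoom.videomeetings,6.4.5
iphone-0002,us.zoom.videomeetings,6.4.3
iphone-0003,us.zoom.videomeetings,6.4.10
iphone-0004,us.zoom.videomeetings,6.10.0
iphone-0005,us.zoom.videomeetings,5.17.11
iphone-0006,com.apple.mobilesafari,17.5
"""

def parse_version(text):
    """Turn '6.4.5' (or '6.4.5 (12345)') into a comparable integer tuple."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_vulnerable(version):
    """True when the numeric version is below the fixed release 6.4.5."""
    return parse_version(version) < FIXED_VERSION

def naive_string_check(version):
    """The lexicographic test that a version<"6.4.5" filter performs."""
    return version < "6.4.5"

def triage(inventory_csv):
    """Return {device_id: version} for every Zoom iOS install below 6.4.5."""
    vulnerable = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["bundle_id"] != ZOOM_IOS_BUNDLE:
            continue  # other apps are out of scope for this CVE
        if is_vulnerable(row["version"]):
            vulnerable[row["device_id"]] = row["version"]
    return vulnerable

if __name__ == "__main__":
    for dev, ver in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{dev}: Zoom {ver} is below 6.4.5, update required")
```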
