CVE-2025-62484

8.1 HIGH

📋 TL;DR

A regular expression complexity vulnerability in Zoom Workplace Clients allows unauthenticated attackers to potentially escalate privileges via network access. This affects Zoom Workplace Clients before version 6.5.10. Attackers could exploit inefficient regex processing to gain elevated access.

💻 Affected Systems

Products:
  • Zoom Workplace Client
Versions: All versions before 6.5.10
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network access to the vulnerable client. Zoom Rooms and other Zoom products may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to execute code with higher privileges than intended.

🟢 If Mitigated

Limited impact with proper network segmentation and endpoint protection blocking exploitation attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific network traffic to trigger the inefficient regex processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.10 or later

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25048

Restart Required: Yes

Instructions:

1. Open Zoom Workplace Client.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. Install version 6.5.10 or later.
5. Restart the application.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Zoom clients from untrusted networks

Endpoint Protection

all

Enable application control and behavior monitoring to detect exploitation attempts

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Zoom clients from untrusted networks
  • Deploy endpoint detection and response (EDR) solutions with behavior-based detection

🔍 How to Verify

Check if Vulnerable:

Check the Zoom version in Settings > About. If the version is below 6.5.10, the system is vulnerable.

Check Version:

On Windows: Get-ItemProperty 'HKLM:\SOFTWARE\Zoom\' | Select-Object Version
On macOS: grep -A1 CFBundleShortVersionString /Applications/zoom.us.app/Contents/Info.plist

Verify Fix Applied:

Confirm Zoom version is 6.5.10 or higher in Settings > About.
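
When this check is run across a fleet, the comparison against 6.5.10 has to be numeric per component, because a plain string comparison ranks "6.5.9" above "6.5.10" and "6.10.0" below it. The following is an added example, not from Zoom or this page's source; the hostnames and reported version-string formats in the sample inventory are constructed assumptions.

```python
import re

FIXED = (6, 5, 10)  # first fixed release, as stated on this page

# Constructed sample inventory rows (hostname, version string as reported).
SAMPLE_INVENTORY = [
    ("ws-001", "6.5.10"),
    ("ws-002", "6.5.9 (4321)"),    # build number in parentheses
    ("ws-003", "6.5.10.12345"),    # build number as a fourth component
    ("mac-004", "Version 6.10.0"), # sorts below 6.5.10 as a string
    ("lin-005", "5.17.11"),
    ("ws-006", ""),                # agent returned nothing
    ("ws-007", "6.5"),             # patch component missing
]

# Bounded quantifiers keep matching linear on malformed input.
_VERSION_RE = re.compile(r"\b(\d{1,4})\.(\d{1,4})(?:\.(\d{1,6}))?")


def parse_version(text):
    """Return (major, minor, patch) from a reported string, or None."""
    m = _VERSION_RE.search(text or "")
    if not m:
        return None
    # A missing patch component is treated as 0 (assumption).
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def classify(text):
    """Map a reported version string to patched / vulnerable / unknown."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never report an unreadable host as patched
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Classify every (host, version) row of an inventory export."""
    return {host: classify(ver) for host, ver in inventory}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts classified as "unknown" should be re-queried rather than counted as fixed.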

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Zoom client
  • Failed privilege escalation attempts in system logs

Network Indicators:

  • Unusual network traffic patterns to/from Zoom clients
  • Malformed network packets targeting Zoom ports

SIEM Query:

source="zoom" AND (event_type="process_creation" OR event_type="privilege_escalation")
