CVE-2025-62484 Overview
CVE-2025-62484 is a critical vulnerability affecting certain Zoom Workplace Clients before version 6.5.10. The vulnerability stems from inefficient regular expression complexity (ReDoS - Regular Expression Denial of Service) that may allow an unauthenticated attacker to conduct an escalation of privilege via network access. This type of vulnerability occurs when specially crafted input strings cause catastrophic backtracking in regex engines, potentially leading to resource exhaustion and enabling privilege escalation attacks.
Critical Impact
Unauthenticated attackers can exploit inefficient regular expression handling over the network to escalate privileges on affected Zoom Workplace Clients and Meeting SDK installations on Android and iOS platforms.
Affected Products
- Zoom Workplace for Android (versions before 6.5.10)
- Zoom Workplace for iOS (versions before 6.5.10)
- Zoom Meeting Software Development Kit for Android (versions before 6.5.10)
- Zoom Meeting Software Development Kit for iOS (versions before 6.5.10)
Discovery Timeline
- November 13, 2025 - CVE-2025-62484 published to NVD
- November 19, 2025 - Last updated in NVD database
Technical Details for CVE-2025-62484
Vulnerability Analysis
This vulnerability is classified under CWE-1333 (Inefficient Regular Expression Complexity), commonly known as a ReDoS (Regular Expression Denial of Service) vulnerability. The flaw exists in how the Zoom Workplace Clients process certain input using regular expressions. When an attacker supplies maliciously crafted input that triggers exponential backtracking in the regex engine, it can lead to severe performance degradation and resource exhaustion.
What makes this vulnerability particularly dangerous is that it can be exploited by unauthenticated users over the network, and successful exploitation can lead to privilege escalation. The attack does not require any user interaction or prior authentication, making it highly exploitable in real-world scenarios.
Root Cause
The root cause of CVE-2025-62484 lies in the use of inefficient regular expression patterns within the Zoom Workplace Clients. Regular expressions with nested quantifiers, overlapping alternatives, or other complex constructs can exhibit worst-case exponential time complexity when processing certain input patterns. When such regex patterns are exposed to untrusted network input without proper input validation or timeout mechanisms, attackers can craft payloads that cause the regex engine to consume excessive CPU cycles, potentially creating conditions that enable privilege escalation.
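The nested-quantifier structure described in the Vulnerability Analysis and Root Cause sections can be screened for before a pattern is ever exposed to network input. The following is an added example, not Zoom's code and not the pattern involved in this CVE (which this page does not identify): a Python check that walks a regex's parse tree and flags a variable-length repeat nested inside another variable-length repeat, the shape of textbook ReDoS patterns such as ^(a+)+$. It assumes Python's internal re._parser module (sre_parse on older interpreters).

```python
# Added example (not Zoom's code): a static check for the regex structure
# behind CWE-1333, a variable-length repeat nested inside another one, as in
# ^(a+)+$. It walks Python's own parse tree of the pattern. It is a review
# heuristic, not a proof: it over-approximates (a fixed separator can make a
# flagged pattern unambiguous) and misses overlapping alternations such as
# (a|aa)+, which the Root Cause section also names as a risk.
try:
    from re import _parser as sre_parse   # Python 3.11+
except ImportError:
    import sre_parse                      # older interpreters

REPEATS = (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT)
LOOKAROUNDS = (sre_parse.ASSERT, sre_parse.ASSERT_NOT)


def _is_variable(lo, hi):
    # A repeat is a backtracking choice point only when the engine can stop
    # at more than one length: a+, a*, a{1,3} are; a{3} and a? are not.
    return hi > lo and hi > 1


def _walk(subpattern, inside_variable):
    """True if a variable repeat is nested inside another variable repeat."""
    for op, av in subpattern:
        if op in REPEATS:
            lo, hi, body = av
            variable = _is_variable(lo, hi)
            if variable and inside_variable:
                return True
            if _walk(body, inside_variable or variable):
                return True
        elif op == sre_parse.SUBPATTERN:      # capturing group: body is last
            if _walk(av[-1], inside_variable):
                return True
        elif op == sre_parse.BRANCH:          # alternatives: av = (None, [..])
            if any(_walk(alt, inside_variable) for alt in av[1]):
                return True
        elif op in LOOKAROUNDS:               # (?=...) / (?!...): av = (dir, p)
            if _walk(av[1], inside_variable):
                return True
    return False


def has_nested_quantifier(pattern):
    return _walk(sre_parse.parse(pattern), False)


def flag_risky_patterns(patterns):
    """patterns: name -> regex source. Returns the names that need review."""
    return [name for name, pat in patterns.items() if has_nested_quantifier(pat)]
```

Python's re module has no match timeout, so anything this flags has to be rewritten before deployment (for example, ^(a+)+$ is equivalent to the linear ^a+$); engines that do offer a timeout are the second line of defence the Root Cause section refers to.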
Attack Vector
The attack vector for this vulnerability is network-based. An unauthenticated attacker can send specially crafted input to vulnerable Zoom Workplace Clients over the network. The malicious input is designed to exploit inefficient regular expression patterns, causing the regex matching operation to enter a state of catastrophic backtracking. This resource exhaustion condition can then be leveraged to escalate privileges on the affected system.
The attack can be executed without any user interaction and does not require authentication, significantly lowering the barrier for exploitation. Both mobile platforms (Android and iOS) are affected through the Workplace application and Meeting SDK components.
Detection Methods for CVE-2025-62484
Indicators of Compromise
- Unusual CPU spikes or resource exhaustion on devices running Zoom Workplace applications
- Abnormal network traffic patterns targeting Zoom client endpoints
- Application crashes or unresponsiveness in Zoom Workplace Clients
- Unexpected privilege changes or unauthorized access on affected devices
Detection Strategies
- Monitor for anomalous CPU utilization patterns on endpoints running Zoom Workplace Clients
- Implement network-level detection for malformed or unusually long input strings destined for Zoom applications
- Deploy endpoint detection rules that identify regex-related resource exhaustion patterns
- Enable application-level logging to capture evidence of exploitation attempts
Monitoring Recommendations
- Establish baseline performance metrics for Zoom Workplace Client processes and alert on deviations
- Configure network monitoring to identify potential ReDoS attack patterns targeting mobile devices
- Implement real-time alerting for privilege escalation events on endpoints with Zoom Workplace installed
- Review application logs regularly for signs of abnormal input processing behavior
How to Mitigate CVE-2025-62484
Immediate Actions Required
- Update all Zoom Workplace Clients to version 6.5.10 or later immediately
- Update Zoom Meeting Software Development Kit integrations to version 6.5.10 or later
- Inventory all devices running affected Zoom applications and prioritize patching
- Consider temporary network restrictions for unpatched devices in high-security environments
Patch Information
Zoom has released security patches addressing this vulnerability. Users and organizations should update to Zoom Workplace version 6.5.10 or later. Detailed patch information and download links are available in the Zoom Security Bulletin ZSB-25048. Organizations using the Zoom Meeting SDK should also update their SDK implementations to the patched version.
Workarounds
- Restrict network access to affected Zoom clients from untrusted networks until patches can be applied
- Implement network-level input filtering to block potentially malicious payloads targeting Zoom applications
- Monitor affected endpoints closely for signs of exploitation while awaiting patch deployment
- Consider using mobile device management (MDM) solutions to enforce application version requirements
# Verify the Zoom Workplace version on managed devices; it must be 6.5.10 or later.
# Android: check via MDM, or with ADB on a connected device (package id us.zoom.videomeetings):
adb shell dumpsys package us.zoom.videomeetings | grep versionName
# iOS: verify through the MDM console or on the device:
# Settings > General > iPhone Storage > Zoom > App Version
# Update to the patched version via the app store or enterprise deployment.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.