Base Score

MEDIUM4.8

CVE-2025-30669

Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

VectorADJACENT_NETWORK

Published Bysecurity@zoom.us

Published DateNov 13, 2025, 15:15

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25044

Base Score

MEDIUM4.8

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE