CVE-2022-28755

CRITICAL

Zoom Client for Meetings < 5.11.0 - URL Redirection to Untrusted Site via Malicious Meeting URL

Title source: llm

Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://explore.zoom.us/en/trust/security/security-bulletin/

Scores

CVSS v3 9.6

EPSS 0.0054

EPSS Percentile 67.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-601 CWE-20

Status published

Products (2)

zoom/virtual_desktop_infrastructure < 5.10.7

zoom/zoom < 5.11.0 (5 CPE variants)

Published Aug 11, 2022

Tracked Since Feb 18, 2026