CVE-2022-28763

HIGH

Zoom Client for Meetings <5.12.2 - SSRF

Title source: llm

Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

References (1)

Core 1

Core References

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Scores

CVSS v3 8.8

EPSS 0.0093

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-601 CWE-20

Status published

Products (3)

zoom/meetings < 5.12.2 (5 CPE variants)

zoom/rooms_for_conference_rooms < 5.12.2 (5 CPE variants)

zoom/virtual_desktop_infrastructure < 5.12.2

Published Oct 31, 2022

Tracked Since Feb 18, 2026