CVE-2025-27441

Summary

CVE-2025-27441 is a cross-site scripting (XSS) vulnerability affecting some Zoom Workplace Apps. This issue permits an unauthenticated user to inject malicious scripts into a targeted website, which can lead to a loss of integrity for adjacent network users. By exploiting this vulnerability, an attacker can steal sensitive information, manipulate data, or carry out other malicious activities, making it a significant security concern for organizations using Zoom Workplace Apps. The impact of this vulnerability is amplified due to its potential for affecting multiple users through adjacent network access. Zoom has been urged to release a patch as soon as possible to mitigate the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.