CVE-2024-45417

MEDIUM
Published Feb 25, 2025 Modified Mar 4, 2025 CWE-708

Description

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.

CVSS v3.1 Score

6.0
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Weakness Type (CWE)

CWE-708 CWE-708

Affected Products

Vendor Product
zoom meeting_software_development_kit
zoom rooms
zoom video_software_development_kit
zoom workplace_desktop

References

Frequently Asked Questions

What is CVE-2024-45417? +
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. It has a CVSS v3.1 base score of 6.0 (MEDIUM).
How severe is CVE-2024-45417? +
CVE-2024-45417 has a CVSS v3.1 score of 6.0 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-45417? +
CVE-2024-45417 affects products from zoom, specifically: meeting_software_development_kit, rooms, video_software_development_kit, workplace_desktop. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-45417? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-40196 8.1

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained …
CVE-2024-52561 7.8

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a …
CVE-2023-29122 6.7

Under certain conditions, access to service libraries is granted to account they should not have access to.
CVE-2024-41773 6.5

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper …
CVE-2024-45426 4.9

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network …
CVE-2025-14262 4.3

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-45417 — free, no signup required.

Start Free Scan