CVE-2024-45426

MEDIUM

Published Feb 25, 2025 Modified Mar 4, 2025 CWE-708

Description

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

CVSS v3.1 Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

CWE-708 CWE-708

Affected Products

Vendor	Product	Versions
zoom	meeting_software_development_kit	< 6.1.0
zoom	meeting_software_development_kit	< 6.1.0
zoom	meeting_software_development_kit	< 6.1.0
zoom	rooms	< 6.1.0
zoom	rooms	< 6.1.0
zoom	rooms_controller	< 6.1.0
zoom	rooms_controller	< 6.1.0
zoom	rooms_controller	< 6.1.0
zoom	workplace	< 6.1.0
zoom	workplace_desktop	< 6.1.0
zoom	workplace_desktop	< 6.1.0
zoom	workplace_virtual_desktop_infrastructure	< 6.1.10

References

Advisories & Patches

https://www.zoom.com/en/trust/security-bulletin/zsb-24038/

Frequently Asked Questions

What is CVE-2024-45426? +

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. It has a CVSS v3.1 base score of 4.9 (MEDIUM).

How severe is CVE-2024-45426? +

CVE-2024-45426 has a CVSS v3.1 score of 4.9 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2024-45426? +

CVE-2024-45426 affects products from zoom, specifically: meeting_software_development_kit, rooms, rooms_controller, workplace, workplace_desktop, workplace_virtual_desktop_infrastructure. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-45426? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-40196 8.1

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained …

CVE-2024-52561 7.8

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a …

CVE-2023-29122 6.7

Under certain conditions, access to service libraries is granted to account they should not have access to.

CVE-2024-41773 6.5

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper …

CVE-2024-45417 6.0

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user …

CVE-2025-14262 4.3

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other …

Quick Facts

CVSS Score: 4.9
Severity: MEDIUM
Published: Feb 25, 2025

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-45426.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →