CVE-2024-45426: 
Zoom Rooms vulnerability analysis and mitigation

Incorrect ownership assignment in some Zoom Workplace Apps was identified as CVE-2024-45426. The vulnerability was discovered by Zoom Offensive Security and disclosed on February 25, 2025. The issue affects multiple Zoom applications including Workplace App, Rooms App, Rooms Controller, and Meeting SDK across Windows, Linux, and iOS platforms (Zoom Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NVD with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, while Zoom assessed it at 4.9 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-708 (Incorrect Ownership Assignment) and requires network access for exploitation (NVD).

The vulnerability allows privileged users to conduct information disclosure through network access. The CVSS metrics indicate high impact on confidentiality while integrity and availability remain unaffected (NVD).

Users are advised to update to version 6.1.0 or later for most affected applications, and version 6.1.10 or later for Zoom Workplace VDI Client for Windows (except versions 5.17.15 and 6.0.12). Updates can be obtained from the official Zoom download page (Zoom Advisory).