CVE-2023-39213

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

Published: Aug 9, 2023
Updated: May 4, 2025
CVE: CVE-2023-39213
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
zoom / virtual_desktop_infrastructure	-	5.15.2
zoom / zoom	-	5.15.2

https://explore.zoom.us/en/trust/security/security-bulletin/

Vulnerability Database

289,697

CVE-2023-39213