CVE-2024-24691

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Published: Feb 14, 2024
Updated: May 4, 2025
CVE: CVE-2024-24691
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zoom / meeting_software_development_kit	-	5.16.5
zoom / zoom	-	5.16.5
zoom / vdi_windows_meeting_clients	-	5.14.14
zoom / vdi_windows_meeting_clients	5.14.14.x	5.15.12
zoom / vdi_windows_meeting_clients	5.15.12.x	5.16.10
zoom / rooms	-	5.17.0

https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/

Vulnerability Database

289,697

CVE-2024-24691