CVE-2024-24697 HIGH

CVE-2024-24697: Zoom Clients - Untrusted Search Path

Vendor Zoom Video Communications, Inc.
Product Zoom Clients
Weakness CWE-426
Published February 13, 2024
Last update May 8, 2025

CVSS base score

7.2/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

Key dates

02Disclosure timeline

February 13, 2024 CVE published
May 8, 2025 Record updated