CVE-2021-34425

Summary

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncZoom Client for Meetings for Androidunspecified < 5.7.3affected
Zoom Video Communications IncZoom Client for Meetings for iOSunspecified < 5.7.3affected
Zoom Video Communications IncZoom Client for Meetings for Linuxunspecified < 5.7.3affected
Zoom Video Communications IncZoom Client for Meetings for macOSunspecified < 5.7.3affected
Zoom Video Communications IncZoom Client for Meetings for Windowsunspecified < 5.7.3affected

Weaknesses

  • Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References