vulnerability

Zoom Zoom: CVE-2021-34420: Zoom Windows installation executable signature bypass

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Nov 9, 2021	Jan 8, 2025	Mar 25, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Nov 9, 2021

Added

Jan 8, 2025

Modified

Mar 25, 2026

Description

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.Zoom addressed this issue in the 5.5.4 Zoom Client for Meetings for Windows release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates fromhttps://zoom.us/download.

Solution

zoom-zoom-upgrade-latest

References

CVE-2021-34420
https://attackerkb.com/topics/CVE-2021-34420
https://www.zoom.com/en/trust/security-bulletin/ZSB-21016
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-21078
CWE-347
EUVD-EUVD-2021-21078

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report