Zoom Zoom: CVE-2022-22784: Improper XML Parsing in Zoom Client for Meetings
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | May 17, 2022 | Jan 8, 2025 | Feb 9, 2026 |
Description
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user’s client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Solution
zoom-zoom-upgrade-latest