vulnerability

Zoom: CVE-2023-22880: Information Disclosure in Zoom for Windows Clients

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:C/I:N/A:N)	Mar 14, 2023	Jan 8, 2025	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:N/A:N)

Published

Mar 14, 2023

Added

Jan 8, 2025

Modified

Aug 11, 2025

Description

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft's online Spellcheck service instead of the local Windows Spellcheck.

Solution

zoom-zoom-upgrade-latest

References

CWE-200
CVE-2023-22880
https://attackerkb.com/topics/CVE-2023-22880
URL-https://www.zoom.com/en/trust/security-bulletin/ZSB-23001

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today