CVE-2023-22880 in Zoom
Summary
by MITRE • 03/16/2023
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.
Analysis
by VulDB Data Team • 10/03/2025
The vulnerability identified as CVE-2023-22880 represents a significant information disclosure weakness affecting multiple Zoom client platforms for Windows environments. This flaw specifically impacts Zoom for Windows clients prior to version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5, and Zoom VDI for Windows clients before version 5.13.1. The security issue stems from the integration of Microsoft Edge WebView2 runtime components within these Zoom applications, creating an unintended data transmission channel that exposes user information to external services.
The technical mechanism behind this vulnerability involves the Microsoft Edge WebView2 runtime's handling of spellcheck functionality within the Zoom client applications. When users engage with spellcheck features, the updated WebView2 runtime began transmitting text content to Microsoft's online Spellcheck service rather than utilizing the local Windows Spellcheck capabilities that users would expect. This behavior creates a data exfiltration vector where sensitive information processed through Zoom's client interfaces could potentially be sent to Microsoft's telemetry infrastructure without user consent or awareness. The vulnerability manifests as an improper data handling mechanism that violates user privacy expectations and creates potential exposure of confidential information.
The operational impact of this information disclosure vulnerability extends beyond simple privacy concerns to encompass broader security implications for organizations relying on Zoom clients for communication and collaboration. Enterprises using affected Zoom versions may unknowingly expose sensitive meeting content, chat messages, or document text to Microsoft's online services through the spellcheck functionality. This vulnerability particularly affects organizations with strict data governance policies or those operating in regulated environments where information disclosure could result in compliance violations. The risk is amplified when considering that the affected applications are commonly used for business-critical communications and may contain proprietary information, personal data, or confidential business discussions.
The remediation approach for CVE-2023-22880 requires a dual-update strategy addressing both the Zoom client applications and the underlying Microsoft Edge WebView2 runtime components. Organizations must update Zoom for Windows to version 5.13.3, Zoom Rooms for Windows to version 5.13.5, and Zoom VDI for Windows to version 5.13.1, while simultaneously ensuring the Microsoft Edge WebView2 Runtime is updated to at least version 109.0.1481.0. This remediation process effectively disables the problematic spellcheck transmission feature and reconfigures the telemetry behavior to respect local spellcheck processing. The vulnerability aligns with CWE-200, which addresses information exposure, and represents a specific case of improper data handling that violates user privacy expectations. From an ATT&CK framework perspective, this vulnerability could be categorized under T1566 for credential access through social engineering or T1071 for application layer protocol usage, though the primary classification remains information disclosure through improper data handling. The remediation process demonstrates the importance of component dependency management in enterprise security and highlights how third-party runtime components can introduce unexpected security behaviors that require careful monitoring and updating.
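The following triage script is an added example, not code from Zoom, Microsoft or VulDB. It checks a software inventory against the fixed versions quoted above and reports the Zoom and WebView2 status separately, marking a host as exposed only when neither update is present, as the summary describes. The inventory columns, host names and sample versions are constructed assumptions.

```python
import csv
import io

# Fixed versions as stated in the advisory text.
ZOOM_FIXED = {"Zoom for Windows": "5.13.3", "Zoom Rooms for Windows": "5.13.5",
              "Zoom VDI for Windows": "5.13.1"}
WEBVIEW2_FIXED = "109.0.1481.0"

# Constructed inventory export; hosts, columns and versions are assumptions.
SAMPLE_INVENTORY = """host,product,zoom_version,webview2_version
ws-01,Zoom for Windows,5.9.7,108.0.1462.54
ws-02,Zoom for Windows,5.13.3,108.0.1462.54
room-01,Zoom Rooms for Windows,5.13.0,109.0.1518.52
vdi-01,Zoom VDI for Windows,5.13.1,110.0.1587.41
ws-03,Zoom for Windows,5.12.9,
"""

def parse_version(text):
    """Turn '5.13.3' into (5, 13, 3); return None if missing or malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def at_least(found, minimum):
    """Numeric compare, so 5.9.7 < 5.13.3 (a plain string compare gets this wrong)."""
    have, need = parse_version(found), parse_version(minimum)
    if have is None:
        return False  # an unknown version is treated as not updated
    width = max(len(have), len(need))
    return have + (0,) * (width - len(have)) >= need + (0,) * (width - len(need))

def triage(inventory_csv):
    """Return {host: {'zoom_fixed': bool, 'runtime_fixed': bool, 'exposed': bool}}."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = ZOOM_FIXED.get(row["product"])
        zoom_fixed = minimum is not None and at_least(row["zoom_version"], minimum)
        runtime_fixed = at_least(row["webview2_version"] or "", WEBVIEW2_FIXED)
        results[row["host"]] = {
            "zoom_fixed": zoom_fixed,
            "runtime_fixed": runtime_fixed,
            # Either update remediates; the runtime fix also needs a Zoom restart,
            # which an inventory snapshot cannot confirm.
            "exposed": not (zoom_fixed or runtime_fixed),
        }
    return results
```

Hosts where only one of the two flags is true are not exposed but still need the other update if the dual-update approach is being followed.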