CVE-2025-64754

CVE-2025-64754

Name

CVE-2025-64754

Description

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-5fx7-wgcr-fj78

Type

URI

CONFIRM

https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-5fx7-wgcr-fj78

CPE URI	Source package	Min version	Max version
	jitsi-meet	>= 0	< 2.0.10532

CPE URI

Source package

Min version

Max version

jitsi-meet

>= 0

< 2.0.10532

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
jitsi-meet	edge-community	1.0.8648-r0	Noel Kuntze <noel.kuntze@contauro.com>	possibly vulnerable
jitsi-meet	edge-community	1.0.8384-r0	Noel Kuntze <noel.kuntze@contauro.com>	possibly vulnerable
jitsi-meet	edge-community	1.0.8302-r0	Noel Kuntze <noel.kuntze@contauro.com>	possibly vulnerable
jitsi-meet	edge-community	1.0.8242-r0	Noel Kuntze <noel.kuntze@contauro.com>	possibly vulnerable
jitsi-meet	3.22-community	1.0.8384-r0	Noel Kuntze <noel.kuntze@contauro.com>	possibly vulnerable
jitsi-meet	3.22-community	1.0.8242-r0	Noel Kuntze <noel.kuntze@contauro.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

jitsi-meet

edge-community

1.0.8648-r0

Noel Kuntze <noel.kuntze@contauro.com>

possibly vulnerable

jitsi-meet

edge-community