Update on Zoom Security: Patches Multiple Vulnerabilities Allowing Attackers to Escalate Privileges

Zoom Video Communications has recently announced the release of a critical security update to address multiple vulnerabilities in its range of applications. Among these vulnerabilities is a high-severity flaw, identified as CVE-2025-0147, which has the potential to allow attackers to escalate privileges within the system. This poses a serious risk to the security and integrity of the Zoom platform.

The company is strongly advising all users to promptly update their software to the latest version in order to minimize the potential risks associated with these security vulnerabilities. Specifically, CVE-2025-0147 is a type confusion issue that affects the Zoom Workplace App for Linux versions before 6.2.10. With a CVSS score of 8.8, this flaw could be exploited by an authorized user to escalate privileges through network access. Not only does this vulnerability impact the Zoom Workplace App for Linux, but it also affects the Zoom Meeting SDK and Video SDK for Linux.

In addition to the critical CVE-2025-0147, Zoom has also addressed five other vulnerabilities of varying severity through this security update: CVE-2025-0146, a low-severity symlink-following vulnerability in the macOS installer for the Zoom Workplace app; CVE-2025-0145, a medium-severity untrusted search path issue in Windows installers for certain Zoom Workplace apps; CVE-2025-0144, a low-severity out-of-bounds write vulnerability across multiple Zoom applications; CVE-2025-0143, a medium-severity out-of-bounds write vulnerability in the Linux version of the Zoom Workplace app; and CVE-2025-0142, a medium-severity cleartext storage of sensitive information issue in the Zoom Jenkins bot plugin.

These vulnerabilities impact a wide range of Zoom products, including Zoom Workplace Apps, Zoom Rooms Clients, Zoom Meeting SDKs, and Zoom Video SDKs across various platforms such as Windows, macOS, Linux, iOS, and Android. The company has acknowledged and credited several security researchers, including nahamsec, sim0nsecurity, and shmoul, as well as members of Zoom’s own Offensive Security team, for reporting these vulnerabilities.

It is essential for users to update their Zoom applications to the latest versions available at https://zoom.us/download to protect themselves against potential exploits. By promptly addressing these vulnerabilities and issuing this critical security update, Zoom is demonstrating its commitment to ensuring the security and integrity of its platform for the millions of users who rely on its services worldwide.

Furthermore, users utilizing the Zoom Jenkins bot plugin are encouraged to update to version 1.6 or later from the Jenkins plugin repository to address the vulnerabilities identified in CVE-2025-0142. This proactive approach taken by Zoom highlights the company’s dedication to maintaining a secure environment for its users.
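For teams that track software versions centrally, the two fixed versions this article names (6.2.10 for the Linux Workplace app, 1.6 for the Jenkins bot plugin) can be checked against an inventory with a numeric version comparison. The script below is an added example, not Zoom's or Jenkins' own code; the inventory format and host names are constructed, and the other CVEs are omitted because the article gives no fixed version for them.

```python
import re
from typing import List, Optional, Tuple

# Fixed versions quoted in the article above; only products with a stated
# fixed version are included.
FIXED_VERSIONS = {
    "zoom-workplace-linux": ("6.2.10", "CVE-2025-0147"),
    "zoom-jenkins-bot-plugin": ("1.6", "CVE-2025-0142"),
}

# Constructed sample inventory (host, product, installed version); not real data.
SAMPLE_INVENTORY = """\
build01,zoom-workplace-linux,6.2.5
dev-laptop-7,zoom-workplace-linux,6.10.0
ci-master,zoom-jenkins-bot-plugin,1.5
ci-standby,zoom-jenkins-bot-plugin,1.6
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.2.10' into (6, 2, 10) so the comparison is numeric.
    A plain string compare would wrongly rank '6.10.0' below '6.2.10'."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, installed: str) -> Optional[str]:
    """Return the CVE id if `installed` is below the fixed version, else None."""
    entry = FIXED_VERSIONS.get(product)
    if entry is None:
        return None  # product not covered by this advisory summary
    fixed, cve = entry
    return cve if parse_version(installed) < parse_version(fixed) else None


def scan_inventory(csv_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, cve) for every row still below the fix."""
    findings = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(","))
        cve = is_vulnerable(product, version)
        if cve:
            findings.append((host, product, version, cve))
    return findings


if __name__ == "__main__":
    for host, product, version, cve in scan_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by {cve}")
```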

In conclusion, the release of this security update by Zoom is a significant step towards safeguarding its platform against potential threats and vulnerabilities. It is crucial for users to stay vigilant and regularly update their software to ensure they are protected against any security risks. By following these recommendations, users can continue to have a safe and secure experience while using Zoom’s applications.
