Zoom has recently addressed several vulnerabilities in its applications, including four high-severity flaws, all of which were discovered by the company’s offensive security team. Zoom acted quickly on these vulnerabilities, tracked as CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, and CVE-2025-0150, to secure its platform.
On March 11, 2025, Zoom released updates for these vulnerabilities, urging users to update their Zoom Workplace apps, Zoom Rooms controllers, and Zoom Meeting SDK to version 6.3.0 or later to mitigate the associated risks. The vulnerabilities are primarily memory management issues, with potential for privilege escalation.
One of the high-severity vulnerabilities, CVE-2025-27440, affects Zoom Workplace apps on various platforms, allowing authenticated attackers to escalate their privileges via network access. This flaw is rated 8.5 on the CVSS scale. A similar privilege escalation issue, CVE-2025-27439, affects Zoom Workplace apps across different platforms.
CVE-2025-0151 is a use-after-free error in Zoom Workplace apps that also enables privilege escalation through network access. CVE-2025-0150, by contrast, affects Zoom Workplace apps for iOS and can trigger a denial-of-service condition; it has a CVSS score of 7.1.
Additionally, Zoom patched a medium-severity vulnerability, tracked as CVE-2025-0149, involving insufficient verification of data authenticity. This flaw allows unprivileged users to conduct a denial-of-service attack through network access, which underscores the importance of updating affected products.
Affected products include Zoom Workplace Desktop App for Windows, macOS, and Linux; Zoom Workplace App for iOS and Android; Zoom Rooms Controller and Client Apps; and Zoom Meeting SDK for multiple platforms. Users are advised to update their applications to the latest version offered by Zoom to protect against these vulnerabilities.
In conclusion, Zoom’s proactive response to these security vulnerabilities showcases its commitment to maintaining a secure platform for users. By promptly addressing memory management flaws and denial-of-service risks, Zoom reinforces the importance of regular software updates in safeguarding against cybersecurity threats. Users are encouraged to update their apps promptly to ensure the continued safety of Zoom users worldwide.