Multiple Vulnerabilities Discovered in Zoom Products

Zoom has recently addressed several vulnerabilities in its applications, including four high-severity flaws, all of which were discovered by the company’s offensive security team. These vulnerabilities are tracked as CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, and CVE-2025-0150, and Zoom moved quickly to fix them.

On March 11, 2025, Zoom released updates for these vulnerabilities, urging users to update their Zoom Workplace apps, Zoom Rooms controllers, and Zoom Meeting SDK to version 6.3.0 or later to mitigate the associated risks. The vulnerabilities are primarily memory-management issues, with potential for privilege escalation.

One of the high-severity vulnerabilities, CVE-2025-27440, affects Zoom Workplace apps on various platforms, allowing authenticated attackers to escalate their privileges via network access. The severity of this flaw is rated at 8.5 on the CVSS scale. A similar privilege escalation issue is identified in CVE-2025-27439, affecting Zoom Workplace apps across different platforms.

CVE-2025-0151 is a use-after-free error in Zoom Workplace apps that also enables privilege escalation through network access. CVE-2025-0150, by contrast, affects Zoom Workplace apps for iOS and can trigger a denial-of-service condition; it has a CVSS score of 7.1.

Additionally, a medium-severity vulnerability, tracked as CVE-2025-0149, was patched by Zoom, addressing issues related to the insufficient verification of data authenticity. This flaw allows unprivileged users to conduct a denial-of-service attack through network access, emphasizing the importance of updating affected products to ensure security.

Affected products include Zoom Workplace Desktop App for Windows, macOS, and Linux, Zoom Workplace App for iOS and Android, Zoom Rooms Controller and Client Apps, and Zoom Meeting SDK for multiple platforms. Users are advised to update their applications to the latest version offered by Zoom to protect against these vulnerabilities.
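As an added example (not from Zoom or the original article), the following Python sketch audits a software inventory against the 6.3.0 threshold stated above. The CSV layout, host names, and version strings with a trailing build number are constructed assumptions; adapt the parsing to whatever your endpoint management tool exports.

```python
import csv
import io
import re

# Fixed release named in the article for Workplace apps, Rooms controllers and the Meeting SDK.
FIXED = (6, 3, 0)

# Constructed inventory export (host, product, version); not real data.
SAMPLE_INVENTORY = """host,product,version
lt-0012,Zoom Workplace Desktop App (Windows),6.2.11 (43613)
lt-0040,Zoom Workplace Desktop App (macOS),6.3.0 (52884)
room-07,Zoom Rooms Controller,6.3
mob-0311,Zoom Workplace App (iOS),6.10.1
bld-02,Zoom Meeting SDK,unknown
"""

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) or None; a trailing build like ' (43613)' is ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def audit(inventory_csv, fixed=FIXED):
    """Classify each row as 'ok', 'outdated' or 'unknown' (unparseable version)."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["version"])
        if version is None:
            status = "unknown"      # needs manual review; never assume it is patched
        elif version < fixed:       # numeric tuple compare, so 6.10.1 > 6.3.0
            status = "outdated"
        else:
            status = "ok"
        results.append((row["host"], row["product"], status))
    return results


if __name__ == "__main__":
    for host, product, status in audit(SAMPLE_INVENTORY):
        print(f"{status:9} {host:9} {product}")
```

Rows reported as `unknown` should be checked by hand rather than counted as patched.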

In conclusion, Zoom’s proactive response to these security vulnerabilities showcases its commitment to maintaining a secure platform for users. By promptly addressing memory management flaws and denial-of-service risks, Zoom reinforces the importance of regular software updates in safeguarding against cybersecurity threats. Users are encouraged to update their apps promptly.