- 59/2025
- High
Zoom has released security updates to fix several vulnerabilities across multiple Zoom products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected systems.
Sample of the addressed Vulnerabilities:
1. Zoom Apps Heap-based Buffer Overflow Vulnerability (CVE-2025-27440):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Zoom Workplace Apps for iOS – Incorrect Behavior Order Vulnerability (CVE-2025-0150):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial-of-Service
Sample of the affected products:
- Zoom Workplace App.
- Zoom Workplace VDI.
- Zoom Meeting SDK.
- Zoom Rooms Client.
- Zoom Rooms Controller.
- Zoom Jenkins bot plugin.
Vulnerabilities
- CVE-2025-27440
- CVE-2025-27439
- CVE-2025-0151
- CVE-2025-0149
- CVE-2025-0148
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.