- 197/2025
- High
Zoom has released a security update to fix several vulnerabilities across multiple Zoom products.
The addressed vulnerabilities could allow the attacker to conduct denial of service attacks, gain elevated privileges, bypass security restrictions, or obtain sensitive information from the affected system.
Sample of the addressed vulnerabilities:
1. Zoom Workplace for Windows on ARM – Missing Authorization Vulnerability (CVE-2025-49459):
- CVSS: 7.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
2. Zoom Workplace Clients – Buffer Overflow Vulnerability (CVE-2025-49458):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Zoom Workplace for Windows before version 6.5.0.
- Zoom Workplace for macOS before version 6.5.0.
- Zoom Workplace for Linux before version 6.5.0.
- Zoom Meeting SDK for Windows before version 6.5.0.
Vulnerabilities
- CVE-2025-49458
- CVE-2025-49459
- CVE-2025-49460
- CVE-2025-49461
- CVE-2025-58134
- CVE-2025-58135
- CVE-2025-58131
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.