- 103/2025
- High
Zoom has released security updates to fix several vulnerabilities across Zoom Workplace Apps.
The addressed vulnerabilities could allow the attacker to conduct a denial of service attack, perform a cross-site scripting attack, bypass security restrictions, or gain elevated privileges to the affected systems.
Sample of the addressed vulnerabilities:
1. Zoom Workplace Apps – Time-of-check Time-of-use Privilege Escalation (CVE- 2025-30663):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Zoom Workplace Apps for Windows – Integer Underflow (CVE-2025-30668):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2025-30668
- CVE-2025-46786
- CVE-2025-46787
- CVE-2025-46785
- CVE-2025-30667
- CVE-2025-30665
- CVE-2025-30666
- CVE-2025-30664
- CVE-2025-30663
- CVE-2025-30670
- CVE-2025-30671
- CVE-2025-30672
- CVE-2025-27443
- CVE-2025-27441
- CVE-2025-27442
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.