- 13/2025
- High
Zoom has released security updates to fix several vulnerabilities across multiple Zoom products.
obtain sensitive information, or perform denial-of-service attacks on the affected systems.
Sample of the addressed Vulnerabilities:
1. Zoom Apps Privilege Escalation Vulnerability (CVE-2025-0147):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
2. Zoom Jenkins Bot Plugin Obtain Information Vulnerability (CVE-2025-0142):
- CVSS: 4.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
The affected products:
- Zoom Workplace App.
- Zoom Workplace VDI.
- Zoom Meeting SDK.
- Zoom Video SDK.
- Zoom Rooms Client.
- Zoom Rooms Controller.
- Zoom Jenkins bot plugin.
Vulnerabilities
- CVE-2025-0147
- CVE-2025-0146
- CVE-2025-0145
- CVE-2025-0144
- CVE-2025-0143
- CVE-2025-0142
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.