Zoom Workplace Apps Flaws Allow Hackers to Gain Elevated Access

Zoom has released multiple security bulletins addressing seven newly discovered vulnerabilities in Zoom Workplace Apps, with one rated as high severity.

All vulnerabilities were disclosed on May 13, 2025, and could potentially allow attackers to escalate privileges through various attack vectors.

The most critical flaw involves a Time-of-check Time-of-use (TOCTOU) vulnerability that could lead to privilege escalation when exploited successfully.


The most severe vulnerability (CVE-2025-30663) disclosed in security bulletin ZSB-25016 is a high-severity Time-of-check Time-of-use flaw affecting Zoom Workplace Apps.

This vulnerability creates a race condition whereby attackers can manipulate resources between the time they’re checked and when they’re used by the application.

This temporal gap allows malicious actors to potentially execute arbitrary code or elevate privileges beyond intended boundaries.
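To make the check-then-use gap concrete, here is an added example (not Zoom's code, and unrelated to the specific flaw in ZSB-25016) showing a file-based TOCTOU pattern beside a race-free form: the prone version validates a path and then opens it, while the safe version opens first and validates the descriptor it actually got. Helper names and the temp-file self-check are hypothetical and assume a POSIX system.

```c
/* Added example (not Zoom's code): a file-based check-then-use race beside
 * its race-free form. Helper names are hypothetical; POSIX only. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* TOCTOU-prone: the checks inspect the path, but what the path names can be
 * swapped (e.g. for a symlink) in the gap between lstat() and open(). */
int open_checked_path(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid())
        return -1;                    /* check: a regular file we own, not a link */
    return open(path, O_RDONLY);      /* use: the path may name another object now */
}

/* Race-free: open first (refusing a final symlink), then apply the same checks
 * with fstat() on the descriptor, which is bound to the object actually opened. */
int open_checked_fd(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                    /* ELOOP if a symlink was substituted */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;                    /* the check now binds to what was opened */
    }
    return fd;
}

/* Self-check on a constructed temp file plus a symlink to it: returns 0 when
 * both helpers accept the plain file and the fd-based one refuses the link,
 * otherwise the number of the step that failed. */
int toctou_self_check(void)
{
    char file[] = "/tmp/toctou_demo_XXXXXX", link[80];
    int fd = mkstemp(file), rc = 1;
    if (fd < 0) return rc;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    if ((fd = open_checked_path(file)) >= 0 && close(fd) == 0) rc = 2;
    if (rc == 2 && (fd = open_checked_fd(file)) >= 0 && close(fd) == 0) rc = 3;
    if (rc == 3 && symlink(file, link) == 0 && open_checked_fd(link) == -1) rc = 0;
    unlink(link); unlink(file);
    return rc;
}
```

The path-based helper also rejects a symlink it happens to see, but it cannot see one substituted after its lstat() call; the descriptor-based helper closes that window by checking the object it opened rather than the name it was given.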

Two separate instances of “Improper Neutralization of Special Elements” were identified in Zoom’s Workplace Apps ecosystem.

The first (ZSB-25022) carries a CVSS vector indicating a network attack vector, low attack complexity, and a requirement for user interaction.

Similarly, the second instance (ZSB-25017) associated with CVE-2025-30664 could potentially lead to injection attacks where specially crafted input might be processed as commands rather than data.

NULL Pointer Vulnerabilities

The security bulletins revealed a concerning pattern of NULL pointer dereference vulnerabilities across Zoom’s Workplace Apps platform.

Three separate bulletins (ZSB-25020, ZSB-25019, and ZSB-25018) specifically address this issue, with ZSB-25018 uniquely covering two distinct CVEs (CVE-2025-30665 and CVE-2025-30666).

NULL pointer dereference occurs when software attempts to read from or write to memory referenced by a NULL pointer, potentially causing application crashes or unpredictable behavior.

In Zoom’s Windows applications, these vulnerabilities could be triggered through specially crafted inputs or unexpected application states, potentially allowing attackers to cause denial of service conditions or, in some cases, bypass security controls.

The buffer over-read vulnerability (CVE-2025-46785) identified in ZSB-25021 represents another memory-related flaw where the application reads beyond the bounds of allocated memory, potentially exposing sensitive information from adjacent memory locations or causing application instability.

The concurrent release of multiple security bulletins suggests a coordinated security assessment effort by Zoom’s security team.

According to the report, organizations using Zoom Workplace Apps should prioritize applying the latest security patches immediately, particularly given the significant risk posed by the high-severity TOCTOU vulnerability.

For environments where immediate patching isn’t feasible, security teams should implement additional monitoring for unusual application behavior and network traffic patterns associated with Zoom applications.

Privilege separation and principle of least privilege should be strictly enforced to minimize potential impact from successful exploitation.

The concentration of NULL pointer dereference vulnerabilities indicates potential systematic issues in Zoom’s input validation and memory management processes.

While each of these vulnerabilities is individually rated as medium severity, their cumulative effect considerably increases the attack surface for organizations heavily dependent on Zoom’s workplace collaboration tools.

As remote and hybrid work environments continue to rely heavily on collaboration platforms like Zoom, maintaining vigilant security practices becomes increasingly critical to prevent attackers from leveraging these types of vulnerabilities to establish footholds within corporate networks.
