Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS.
The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments.
The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating.
This flaw stems from a failure in the software downgrade protection mechanism, allowing attackers to manipulate or downgrade the application to older, vulnerable versions.
This type of attack enables threat actors to bypass security patches and exploit previously patched vulnerabilities, potentially leading to unauthorized system access and privilege escalation.
The second vulnerability, CVE-2025-67461, affects Zoom Rooms for macOS and has a Medium severity rating.
This vulnerability involves external control of file name or path functionality, which could permit attackers to manipulate file operations and potentially access sensitive data stored on the system.
| CVE ID | Product | Severity | Vulnerability Type |
|---|---|---|---|
| CVE-2025-67460 | Zoom Rooms for Windows | High | Software Downgrade Protection Mechanism Failure |
| CVE-2025-67461 | Zoom Rooms for macOS | Medium | External Control of File Name or Path |
This flaw creates opportunities for data exfiltration and system compromise through malicious file handling.
Both vulnerabilities were disclosed on December 9, 2025, indicating recent discovery and potential active exploitation.
Zoom has not provided specific details regarding individual customer impacts or comprehensive vulnerability assessments.
Instead, the company has issued broad recommendations for all users to immediately update to the latest version of Zoom software to obtain the latest security fixes and improvements.
The timing of these disclosures highlights the ongoing security challenges facing unified communications platforms.
Organizations running Zoom Rooms deployments should prioritize patching immediately to prevent potential lateral movement, data breaches, and system compromise.
Security teams are advised to audit their Zoom Rooms configurations and deployment versions to ensure compliance with the latest security standards.
Zoom emphasizes that maintaining current software versions is essential to security posture, particularly in environments where Zoom Rooms facilitate critical business communications and collaboration.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.