Multiple Zoom Vulnerabilities Detected In Products


Zoom has released security patches addressing several vulnerabilities in its applications, including four high-severity flaws. The vulnerabilities were discovered by Zoom's own offensive security team, and the company moved quickly to patch them. 

On March 11, 2025, Zoom informed users about the release of updates for five Zoom vulnerabilities, four of which are classified as high severity. The four high-severity issues, identified under the Common Vulnerabilities and Exposures (CVE) system, are tracked as CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, and CVE-2025-0150.

They affect Zoom Workplace apps, Zoom Rooms controllers, and the Zoom Meeting SDK. Versions of these products prior to 6.3.0 are affected. 

Breakdown of Zoom Vulnerabilities 

The vulnerabilities differ in nature, but several are memory-safety bugs that could be exploited for privilege escalation by an attacker who already holds an authenticated session. Specifically, these issues include: 

  1. CVE-2025-27440: This vulnerability affects Zoom Workplace apps for Windows, macOS, Linux, iOS, and Android. It allows an authenticated attacker to escalate privileges via network access. Its CVSS (Common Vulnerability Scoring System) score is 8.5, which is high severity. Users should update to version 6.3.0 or later to mitigate the risk. 
  2. CVE-2025-27439: CVE-2025-27439 is also a privilege escalation issue, caused by a buffer underflow in Zoom Workplace apps. As with the previous flaw, an authenticated attacker with network access can escalate privileges. It shares the same CVSS score of 8.5 and affects the same range of platforms. Updating to version 6.3.0 or later is recommended. 
  3. CVE-2025-0151: The third high-severity vulnerability, CVE-2025-0151, is a use-after-free in Zoom Workplace apps: the app continues to use memory after it has been freed. It can likewise be exploited by an authenticated attacker with network access to escalate privileges, and, like the two flaws above, carries a CVSS score of 8.5. 
  4. CVE-2025-0150: This vulnerability affects Zoom Workplace apps for iOS and allows an authenticated user with network access to trigger a denial of service (DoS), leaving the application unresponsive. Its CVSS score of 7.1 is somewhat lower than the other three but still rated high.

Additional Medium-Severity Vulnerability 

Along with these high-severity Zoom vulnerabilities, the company also patched a medium-severity flaw caused by insufficient verification of data authenticity. This issue, tracked as CVE-2025-0149, allows an unprivileged user to conduct a DoS attack via network access. Its CVSS score is 6.5: less critical than the others, but still worth patching. Affected products include Zoom Workplace apps for Windows, macOS, iOS, and Android.

Affected Products and Version Updates 

The vulnerabilities in Zoom apps affect several products across multiple platforms. These include: 


  • Zoom Workplace Desktop App for Windows, macOS, and Linux 
  • Zoom Workplace App for iOS and Android 
  • Zoom Rooms Controller and Client Apps 
  • Zoom Meeting SDK for multiple platforms (Windows, iOS, Android, macOS, Linux) 

To protect against these vulnerabilities, users must update to version 6.3.0 or later, where the flaws are fixed. Zoom has made the latest updates available for download at zoom.us/download. 
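Because the only fix is the 6.3.0 threshold, the practical task for an administrator is to find every Zoom install still below it. The script below is an added example written for this article, not tooling from Zoom or from the article's source; the product names, hostnames and version strings in its sample inventory are constructed, and the assumption that inventory exports carry dotted numeric versions (with an optional build number) is the author's own. The point it demonstrates is that the comparison must be numeric: compared as strings, "6.10.0" sorts below "6.3.0" and would be wrongly flagged as affected.

```python
"""Triage an endpoint inventory against the Zoom 6.3.0 fix threshold.

Added example for this article, not Zoom's own tooling. Inventory records
below are constructed sample data; product names and version formats are
assumptions about what an endpoint inventory might export.
"""
from typing import List, Tuple

FIXED_VERSION = "6.3.0"  # minimum fixed version stated in the advisory summary

# Product names as they might appear in an inventory export (assumed).
AFFECTED_PRODUCTS = {
    "Zoom Workplace Desktop App",
    "Zoom Workplace App",
    "Zoom Rooms Controller",
    "Zoom Rooms Client",
    "Zoom Meeting SDK",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.2.11.45613' into (6, 2, 11, 45613) so comparison is numeric.

    Lexicographic comparison is the classic mistake: '6.10.0' < '6.3.0'
    as strings, but 6.10.0 is the newer release. Non-numeric components
    (a trailing tag such as 'beta') end the parse instead of raising.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def version_key(version: str, width: int = 4) -> Tuple[int, ...]:
    """Normalise to a fixed-width tuple so '6.3' compares equal to '6.3.0'.

    Without padding, Python orders (6, 3) < (6, 3, 0), which would flag a
    fully patched client reported in short form as vulnerable.
    """
    parts = parse_version(version)[:width]
    return parts + (0,) * (width - len(parts))


def is_affected(product: str, version: str) -> bool:
    """True when the record is a listed Zoom product running pre-6.3.0 code."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return version_key(version) < version_key(FIXED_VERSION)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (hostname, product, version) records that still need the update."""
    return [rec for rec in inventory if is_affected(rec[1], rec[2])]


# Constructed sample inventory: hostnames, build numbers and the non-Zoom
# entry are made up for the example.
SAMPLE_INVENTORY = [
    ("win-laptop-01", "Zoom Workplace Desktop App", "6.2.11.45613"),  # below threshold
    ("mac-laptop-02", "Zoom Workplace Desktop App", "6.3.0.44805"),   # at threshold
    ("room-ctrl-03", "Zoom Rooms Controller", "6.10.0"),   # newer, despite string order
    ("ios-phone-04", "Zoom Workplace App", "6.3"),         # short form of 6.3.0
    ("linux-dev-05", "Zoom Meeting SDK", "5.17.11"),       # below threshold
    ("win-desk-06", "Slack", "4.41.105"),                  # not a Zoom product, ignored
]


if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED  {host:<14} {product:<28} {version}")
```

Run as a script it prints only the two records below 6.3.0; the 6.10.0 controller and the "6.3" phone are correctly left alone. Swap `SAMPLE_INVENTORY` for rows read from your real MDM or asset export, and extend `AFFECTED_PRODUCTS` to match the exact names that export uses.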

Conclusion 

Zoom’s offensive security team discovered and addressed several high-severity vulnerabilities, including CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, and CVE-2025-0150, demonstrating a proactive approach to securing its platform. By patching these issues, which involve memory management flaws and denial-of-service risks, before public exploitation was reported, Zoom reinforces its commitment to user security.

The company urges all users to update their apps promptly to close the window for exploitation, a reminder that timely software updates remain one of the most effective defences for the millions of people who rely on Zoom.
