Zoom for Windows Flaw Allows Attackers to Trigger DoS Attacks

Security researchers have uncovered two significant vulnerabilities in Zoom Clients for Windows, exposing users to potential Denial of Service (DoS) attacks.

The flaws, identified as classic buffer overflow vulnerabilities, could allow an authorized user to disrupt Zoom services via network access.

Both issues have been assigned medium severity ratings, and Zoom has released updates to address the risks.

Details of the Vulnerabilities

A buffer overflow occurs when a program writes more data to a buffer than it can hold. This can corrupt data, crash the application, or, in some cases, allow attackers to execute arbitrary code.
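To make the class of bug concrete, here is an added illustration that is not Zoom's code and says nothing about where the reported flaws sit: a message parser that copies a length-prefixed payload into a fixed 32-byte buffer. The unchecked copy trusts the length from the input and writes past the buffer whenever the payload is too long, which is exactly the crash-or-worse condition the paragraph describes; the checked version rejects both a payload that does not fit and a header that declares more bytes than the frame carries. The wire format and the test frames are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 32   /* fixed-size buffer a parser might hold one message in */

/* The vulnerable pattern: the length taken from the input is trusted and the
 * copy runs past the end of the fixed-size buffer whenever len >= MSG_BUF_SIZE.
 * Shown for contrast only; nothing below calls it with oversized input. */
void copy_message_unchecked(char *dst, const uint8_t *src, size_t len) {
    memcpy(dst, src, len);   /* no comparison against the buffer size */
    dst[len] = '\0';         /* writes one byte further still */
}

/* Hardened form: refuse anything that does not fit, leaving room for the NUL. */
int copy_message_checked(char *dst, size_t dst_size,
                         const uint8_t *src, size_t len) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    if (len >= dst_size) return -1;   /* would overflow, or leave no room for NUL */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Hypothetical wire format used for the demo: a 2-byte big-endian length
 * followed by that many payload bytes. Both the declared length and the
 * destination size are checked before any byte is copied. */
int parse_frame(const uint8_t *frame, size_t frame_len,
                char *out, size_t out_size) {
    if (frame == NULL || frame_len < 2) return -1;
    size_t declared = ((size_t)frame[0] << 8) | frame[1];
    if (declared > frame_len - 2) return -1;  /* header claims more than is present */
    return copy_message_checked(out, out_size, frame + 2, declared);
}

/* Constructed test frames (not captured traffic). Each returns 1 on the expected outcome. */
int demo_small_frame_accepted(void) {
    static const uint8_t frame[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    char out[MSG_BUF_SIZE];
    if (parse_frame(frame, sizeof frame, out, sizeof out) != 0) return 0;
    return strcmp(out, "hello") == 0;
}

int demo_oversized_frame_rejected(void) {
    uint8_t frame[2 + 64];
    char out[MSG_BUF_SIZE];
    frame[0] = 0x00; frame[1] = 64;   /* 64 bytes: twice the buffer */
    memset(frame + 2, 'A', 64);
    return parse_frame(frame, sizeof frame, out, sizeof out) == -1;
}

int demo_lying_length_rejected(void) {
    static const uint8_t frame[] = {0x00, 0x10, 'h', 'i'};  /* claims 16, carries 2 */
    char out[MSG_BUF_SIZE];
    return parse_frame(frame, sizeof frame, out, sizeof out) == -1;
}

int demo_boundary(void) {
    uint8_t frame[2 + MSG_BUF_SIZE];
    char out[MSG_BUF_SIZE];
    memset(frame + 2, 'B', MSG_BUF_SIZE);
    frame[0] = 0x00; frame[1] = MSG_BUF_SIZE - 1;   /* 31 bytes + NUL fits exactly */
    if (parse_frame(frame, 2 + MSG_BUF_SIZE - 1, out, sizeof out) != 0) return 0;
    frame[1] = MSG_BUF_SIZE;                        /* 32 bytes leaves no room for NUL */
    return parse_frame(frame, sizeof frame, out, sizeof out) == -1;
}

int main(void) {
    char ok[MSG_BUF_SIZE];
    /* The unchecked copy behaves on well-formed input, which is why such bugs
     * survive functional testing and surface only under hostile input. */
    copy_message_unchecked(ok, (const uint8_t *)"fine", 4);
    printf("small frame accepted: %d\n", demo_small_frame_accepted());
    printf("oversized frame rejected: %d\n", demo_oversized_frame_rejected());
    printf("lying length rejected: %d\n", demo_lying_length_rejected());
    printf("boundary handled: %d\n", demo_boundary());
    return 0;
}
```

The `declared > frame_len - 2` check and the `len >= dst_size` check guard two different things: the first stops a read past the end of the received frame, the second stops the write past the end of the destination. Both are needed; a parser that checks only one still has the other overflow.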

CVE-2025-49464 (CVSS 6.5, Medium) affects:
  • Zoom Workplace for Windows < 6.4.0
  • Zoom Workplace VDI for Windows < 6.3.10 (except 6.1.7, 6.2.15)
  • Zoom Rooms for Windows < 6.4.0
  • Zoom Rooms Controller for Windows < 6.4.0
  • Zoom Meeting SDK for Windows < 6.4.0

CVE-2025-46789 (CVSS 6.5, Medium) affects:
  • Zoom Workplace for Windows < 6.4.5
  • Zoom Workplace VDI for Windows < 6.3.12 (except 6.2.15)
  • Zoom Rooms for Windows < 6.4.5
  • Zoom Rooms Controller for Windows < 6.4.5
  • Zoom Meeting SDK for Windows < 6.4.5
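Deciding whether a given install is still exposed means comparing its version numerically against the thresholds above, with the "except" builds treated as older releases that already carry the fix. The following added example (not Zoom's tooling) encodes the bulletin table from this article and answers, for a product name and version string, which of the two CVEs remain open; the inventory lines it checks are constructed, and the reading of the "except" entries as already-fixed builds is an assumption about the table's meaning.

```c
#include <stdio.h>
#include <string.h>

typedef struct { int major, minor, patch; } Version;

/* Parse "major.minor.patch" into integers; returns 1 on success. Comparing
 * numerically matters: "6.10.0" is newer than "6.9.0", but a plain string
 * comparison would rank it lower. */
int parse_version(const char *s, Version *v) {
    char trailing;
    int n = sscanf(s, "%d.%d.%d%c", &v->major, &v->minor, &v->patch, &trailing);
    return n == 3 && v->major >= 0 && v->minor >= 0 && v->patch >= 0;
}

int version_cmp(const Version *a, const Version *b) {
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->patch != b->patch) return a->patch < b->patch ? -1 : 1;
    return 0;
}

/* One row per product and CVE, taken from the bulletin table in the article.
 * Versions below fixed_in are affected unless listed in exceptions
 * (assumed here to be older builds that already contain the fix). */
typedef struct {
    const char *cve;
    const char *product;
    const char *fixed_in;
    const char *exceptions[2];
} Advisory;

static const Advisory ADVISORIES[] = {
    {"CVE-2025-49464", "Zoom Workplace for Windows",        "6.4.0",  {NULL, NULL}},
    {"CVE-2025-49464", "Zoom Workplace VDI for Windows",    "6.3.10", {"6.1.7", "6.2.15"}},
    {"CVE-2025-49464", "Zoom Rooms for Windows",            "6.4.0",  {NULL, NULL}},
    {"CVE-2025-49464", "Zoom Rooms Controller for Windows", "6.4.0",  {NULL, NULL}},
    {"CVE-2025-49464", "Zoom Meeting SDK for Windows",      "6.4.0",  {NULL, NULL}},
    {"CVE-2025-46789", "Zoom Workplace for Windows",        "6.4.5",  {NULL, NULL}},
    {"CVE-2025-46789", "Zoom Workplace VDI for Windows",    "6.3.12", {"6.2.15", NULL}},
    {"CVE-2025-46789", "Zoom Rooms for Windows",            "6.4.5",  {NULL, NULL}},
    {"CVE-2025-46789", "Zoom Rooms Controller for Windows", "6.4.5",  {NULL, NULL}},
    {"CVE-2025-46789", "Zoom Meeting SDK for Windows",      "6.4.5",  {NULL, NULL}},
};
#define ADVISORY_COUNT (sizeof ADVISORIES / sizeof ADVISORIES[0])

/* 1 = affected, 0 = not affected, -1 = unparseable version string. */
int is_affected(const Advisory *a, const char *installed) {
    Version inst, fixed, ex;
    if (!parse_version(installed, &inst) || !parse_version(a->fixed_in, &fixed)) return -1;
    if (version_cmp(&inst, &fixed) >= 0) return 0;
    for (int i = 0; i < 2 && a->exceptions[i] != NULL; i++) {
        if (parse_version(a->exceptions[i], &ex) && version_cmp(&inst, &ex) == 0) return 0;
    }
    return 1;
}

/* Returns how many listed CVEs still apply to product/installed and stores up
 * to max of their ids in cves. Returns -1 if the version string is malformed. */
int open_cves(const char *product, const char *installed, const char **cves, int max) {
    int count = 0;
    for (size_t i = 0; i < ADVISORY_COUNT; i++) {
        if (strcmp(ADVISORIES[i].product, product) != 0) continue;
        int r = is_affected(&ADVISORIES[i], installed);
        if (r < 0) return -1;
        if (r == 1) {
            if (count < max) cves[count] = ADVISORIES[i].cve;
            count++;
        }
    }
    return count;
}

int main(void) {
    const char *cves[2];
    /* Constructed inventory lines, not real hosts. */
    const char *inventory[][2] = {
        {"Zoom Workplace for Windows",     "6.4.0"},
        {"Zoom Workplace VDI for Windows", "6.2.15"},
        {"Zoom Rooms for Windows",         "6.3.9"},
    };
    for (size_t i = 0; i < 3; i++) {
        int n = open_cves(inventory[i][0], inventory[i][1], cves, 2);
        printf("%s %s: %d open CVE(s)", inventory[i][0], inventory[i][1], n);
        for (int j = 0; j < n && j < 2; j++) printf(" %s", cves[j]);
        printf("\n");
    }
    return 0;
}
```

A client at 6.4.0 is a useful case: it is past the fix for CVE-2025-49464 but still below 6.4.5, so one CVE stays open, which is why a single "update to the latest version" pass is simpler than tracking each threshold by hand.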

In the context of Zoom for Windows, these vulnerabilities could be exploited to trigger a DoS attack, rendering the service unavailable to legitimate users.

Both vulnerabilities were reported by the security researcher known as “fre3dm4n” and were disclosed in security bulletins ZSB-25028 and ZSB-25024. The initial publication date for both was July 8, 2025.

Impacted Products

The vulnerabilities affect a range of Zoom products for Windows, including:

  • Zoom Workplace for Windows
  • Zoom Workplace VDI for Windows
  • Zoom Rooms for Windows
  • Zoom Rooms Controller for Windows
  • Zoom Meeting SDK for Windows

Zoom recommends all users and administrators update their Windows clients to the latest versions available at the official Zoom download page.

Applying these updates will address the vulnerabilities and help prevent potential DoS attacks.

While exploiting these vulnerabilities requires an authorized user, the potential impact on business continuity and communication is significant.

Organizations relying on Zoom for critical operations should prioritize patching affected systems.

The swift response from Zoom and the responsible disclosure by the researcher demonstrate the importance of ongoing vigilance in software security.
