Zoom Video Communications has released a critical security update addressing multiple vulnerabilities in its suite of applications, including a high-severity flaw that could allow attackers to escalate privileges.
The company urges users to update their software immediately to mitigate potential risks.
The most severe vulnerability, CVE-2025-0147, is a type confusion issue affecting the Zoom Workplace App for Linux versions prior to 6.2.10.
With a CVSS score of 8.8, this high-severity flaw could enable an authorized user to escalate privileges via network access.
The vulnerability also impacts the Zoom Meeting SDK and Video SDK for Linux. As a result of this, Zoom released a critical security update.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
Other vulnerabilities
In addition to CVE-2025-0147, Zoom patched five other vulnerabilities of varying severity:-
- CVE-2025-0146: A low-severity symlink following vulnerability in the macOS installer for Zoom Workplace app (CVSS score: 3.9).
- CVE-2025-0145: A medium-severity untrusted search path issue in Windows installers for some Zoom Workplace Apps (CVSS score: 4.6).
- CVE-2025-0144: A low-severity out-of-bounds write vulnerability affecting multiple Zoom applications across various platforms (CVSS score: 3.1).
- CVE-2025-0143: A medium-severity out-of-bounds write vulnerability in the Linux version of Zoom Workplace App (CVSS score: 4.3).
- CVE-2025-0142: A medium-severity cleartext storage of sensitive information issue in the Zoom Jenkins bot plugin (CVSS score: 4.3).
These vulnerabilities affect a wide range of Zoom products, including Zoom Workplace Apps, Zoom Rooms Clients, Zoom Meeting SDKs, and Zoom Video SDKs across Windows, macOS, Linux, iOS, and Android platforms.
Zoom has credited several security researchers for reporting these vulnerabilities, including nahamsec, sim0nsecurity, shmoul, and members of Zoom’s own Offensive Security team.
This security update is one of the most important updates released by Zoom, as with this update it promptly applied the patches.
To protect against potential exploits, users are strongly advised to update their Zoom applications to the latest versions available at https://zoom.us/download.
By addressing these vulnerabilities, Zoom demonstrates its commitment to maintaining the security and integrity of its platform for millions of users worldwide.
Besides this, for the Zoom Jenkins bot plugin, users should update to version 1.6 or later from the Jenkins plugin repository.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!