Zoom has issued several security bulletins detailing patches for multiple vulnerabilities affecting its Workplace applications.
The disclosures, published today, highlight two high-severity issues alongside medium-rated flaws, underscoring the ongoing challenges in securing video conferencing tools used by millions in hybrid work environments.
These updates come as cybersecurity experts warn of increasing exploitation attempts against collaboration software, potentially exposing users to unauthorized access and system disruptions.
Zoom Security Vulnerabilities
The most pressing concerns stem from ZSB-25043 and ZSB-25042, both rated high severity. In Zoom Workplace for Android, an improper authorization handling flaw (CVE-2025-64741) could allow attackers to bypass access controls, permitting unauthorized actions within the app, such as joining meetings without permission or accessing sensitive session data.
This vulnerability affects Android versions prior to the latest patch, where flawed permission checks could let malicious actors manipulate user privileges over the network.
Similarly, the Zoom Workplace VDI Client for Windows suffers from improper verification of cryptographic signatures (CVE-2025-64740), opening the door to attacks such as accepting tampered updates or intercepting communications.
Security researchers note that such signature validation failures have historically led to supply chain compromises, where attackers inject malware into legitimate-looking software distributions.
Complementing these are two medium-severity path manipulation vulnerabilities. ZSB-25041 affects various Zoom Clients with external control of file name or path (CVE-2025-64739), potentially allowing adversaries to redirect file operations to unintended locations, risking data leakage or arbitrary code execution if exploited in tandem with other flaws.
A parallel issue in Zoom Workplace for macOS (ZSB-25040, CVE-2025-64738) shares this risk, where attackers could leverage crafted inputs to traverse directories and overwrite critical files.
These path traversal bugs echo common web application weaknesses but are adapted to desktop clients, emphasizing the need for robust input sanitization in cross-platform tools.
Rounding out the bulletins is ZSB-25015, an updated advisory from April 2025, now covering null pointer dereferences in Zoom Workplace Apps for Windows (CVE-2025-30670 and CVE-2025-30671).
Initially published on April 8 and revised on November 10, this medium-severity issue could cause application crashes or denial-of-service conditions when the software mishandles null references during processing.
While not directly exploitable for code execution, it highlights persistent stability concerns in Windows environments, where repeated crashes could disrupt business operations.
Zoom urges immediate updates to the latest versions across affected platforms, including Android, Windows, macOS, and VDI clients, to mitigate these risks.
The company maintains its policy of not disclosing exploitation details, focusing instead on rapid patching, but independent analyses suggest these flaws could be chained for broader impacts such as privilege escalation in enterprise settings.
As remote work persists, organizations should prioritize patch management, enable multi-factor authentication, and monitor for anomalous application behavior.
This wave of bulletins follows a pattern of frequent Zoom updates throughout 2025, addressing over a dozen vulnerabilities since August, including critical untrusted search path issues.
With CVEs assigned today, the National Vulnerability Database is expected to provide further scoring soon, but early assessments peg the high-severity flaws at CVSS scores above 7.5. For users, the message is clear: timely updates remain the frontline defense against evolving threats in unified communications platforms.
