[CIVN-2025-0207] Multiple Vulnerabilities in Zoom

Published On: September 10, 2025

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 / 6.3.12 in respective tracks)
Zoom Workplace Desktop for Windows before version 6.5.0
Zoom Workplace VDI Client for Windows before versions 6.3.14 and 6.4.12
Zoom Rooms Controller for Windows, macOS, Linux, Android before version 6.5.0
Zoom Rooms Client for Windows, macOS, Android, iPad, before version 6.5.0
Zoom Meeting SDK for Windows, macOS, Linux, Android before version 6.5.0
Zoom Workplace for Windows on ARM before version 6.5.0
Overview
Multiple vulnerabilities have been reported in Zoom products, which could be exploited by a remote attacker to perform denial of service (DoS), bypass authorisation checks, inject malicious code, or gain unauthorised access to sensitive information on the targeted system.
Target Audience:
All end-user organisations and individuals using Zoom applications.
Risk Assessment:
High risk of data manipulation and malicious code injection.
Impact Assessment:
Potential compromise of application integrity and service disruption.
Description
Multiple vulnerabilities exist in Zoom products due to race conditions, improper enforcement of actions, incorrect authorisation checks, insufficient sanitisation of user-supplied data, boundary errors, argument injection, and missing authorisation mechanisms.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform denial of service (DoS), bypass authorisation checks, inject malicious code, or gain unauthorised access to sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendors given below:
https://www.zoom.com/en/trust/security-bulletin/zsb-25037/
https://www.zoom.com/en/trust/security-bulletin/zsb-25036/
https://www.zoom.com/en/trust/security-bulletin/zsb-25035/
https://www.zoom.com/en/trust/security-bulletin/zsb-25034/
https://www.zoom.com/en/trust/security-bulletin/zsb-25033/
https://www.zoom.com/en/trust/security-bulletin/zsb-25032/
https://www.zoom.com/en/trust/security-bulletin/zsb-25031/
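Added example (not part of the CERT-In advisory or Zoom's bulletins): a Python check that flags software inventory entries older than the fixed versions listed under Software Affected, so the updates above can be prioritised. It assumes each listed version is the first fixed build of its own major.minor track and that a version outside every listed track is compared with the newest fix; the product keys are shortened and the sample inventory is constructed.

```python
import re

# First fixed build per major.minor track (assumed reading of the advisory's list).
FIXED = {
    "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon": ["6.2.15", "6.3.12", "6.4.10"],
    "Zoom Workplace Desktop for Windows": ["6.5.0"],
    "Zoom Workplace VDI Client for Windows": ["6.3.14", "6.4.12"],
    "Zoom Rooms Controller": ["6.5.0"],
    "Zoom Rooms Client": ["6.5.0"],
    "Zoom Meeting SDK": ["6.5.0"],
    "Zoom Workplace for Windows on ARM": ["6.5.0"],
}

def parse(version):
    """'6.4.10 (12345)' -> (6, 4, 10); raises ValueError if no dotted number leads."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group().split("."))

def is_affected(product, version):
    fixes = sorted(parse(f) for f in FIXED[product])   # KeyError if not listed
    v = parse(version)
    for fix in fixes:
        if v[:2] == fix[:2]:          # same release track: compare within it
            return v < fix
    return v < fixes[-1]              # no listed track: compare to newest fix

def triage(inventory):
    """Return (host, product, version, status) rows; unknowns are surfaced, not dropped."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "UPDATE" if is_affected(product, version) else "ok"
        except KeyError:
            status = "not-in-advisory"
        except ValueError:
            status = "check-manually"
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory (hostnames and installed versions are invented).
SAMPLE = [
    ("vdi-mac-01", "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon", "6.3.11"),
    ("desk-17", "Zoom Workplace Desktop for Windows", "6.5.0 (1234)"),
    ("room-03", "Zoom Rooms Client", "unknown"),
]
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Confirm the per-track fixed versions against the linked Zoom bulletins before relying on the "ok" status for VDI builds.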
Vendor Information
Zoom
https://www.zoom.com/en/trust/security-bulletin/
CVE Name
CVE-2025-49458
CVE-2025-49459
CVE-2025-49460
CVE-2025-49461
CVE-2025-58131
CVE-2025-58134
CVE-2025-58135
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003