
[CIVN-2025-0319] Multiple Vulnerabilities in Zoom Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Zoom Workplace for macOS before version 6.5.10
Zoom Workplace (various clients) before version 6.5.10
Zoom Workplace VDI Client for Windows before version 6.5.10
Zoom Workplace VDI Plugin for macOS (Universal Installer) before versions 6.3.14, 6.4.14, and 6.5.10
Zoom Workplace for Android before version 6.5.10
Zoom Clients / Meeting SDK / Workplace SDK
Overview
Multiple vulnerabilities have been reported in Zoom products which could be exploited by an attacker to trigger elevation of privilege, conduct cross-site scripting attacks and disclose sensitive information on the targeted system.
Target Audience:
All end-user organisations and individuals using Zoom applications.
Risk Assessment:
High risk of data manipulation, unauthorized access to sensitive information and arbitrary code execution.
Impact Assessment:
Potential for full system compromise and service disruption.
Description
Multiple vulnerabilities exist in Zoom products due to external control of file name or path, improper verification of cryptographic signature, improper authorization handling and improper certificate validation.
Successful exploitation of these vulnerabilities could allow an attacker to trigger elevation of privilege, conduct cross-site scripting attacks and disclose sensitive information on the targeted system.
Solution
Apply the appropriate updates as described in the vendor security bulletins listed below:
https://www.zoom.com/en/trust/security-bulletin/zsb-25040/
https://www.zoom.com/en/trust/security-bulletin/zsb-25041/
https://www.zoom.com/en/trust/security-bulletin/zsb-25042/
https://www.zoom.com/en/trust/security-bulletin/zsb-25043/
https://www.zoom.com/en/trust/security-bulletin/zsb-25044/
https://www.zoom.com/en/trust/security-bulletin/zsb-25045/
https://www.zoom.com/en/trust/security-bulletin/zsb-25046/
https://www.zoom.com/en/trust/security-bulletin/zsb-25047/
https://www.zoom.com/en/trust/security-bulletin/zsb-25048/
Vendor Information
Zoom
https://www.zoom.com/en/trust/security-bulletin/
CVE Name
CVE-2025-30662
CVE-2025-30669
CVE-2025-62482
CVE-2025-62483
CVE-2025-62484
CVE-2025-64738
CVE-2025-64739
CVE-2025-64740
CVE-2025-64741
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


