Zoom Video Communications has released a critical security update addressing multiple vulnerabilities in its suite of applications, including a high-severity flaw that could allow attackers to escalate privileges.
The company urges users to update their software immediately to mitigate potential risks.
The most severe vulnerability, CVE-2025-0147, is a type confusion issue affecting the Zoom Workplace App for Linux versions prior to 6.2.10.
With a CVSS score of 8.8, this high-severity flaw could allow an authorized user to escalate privileges via network access.
The vulnerability also affects the Zoom Meeting SDK and Video SDK for Linux. As a result, Zoom released a critical security update.
Other vulnerabilities
In addition to CVE-2025-0147, Zoom patched 5 other vulnerabilities of varying severity:
- CVE-2025-0146: A low-severity symlink following vulnerability in the macOS installer for Zoom Workplace app (CVSS score: 3.9).
- CVE-2025-0145: A medium-severity untrusted search path issue in Windows installers for some Zoom Workplace Apps (CVSS score: 4.6).
- CVE-2025-0144: A low-severity out-of-bounds write vulnerability affecting multiple Zoom applications across various platforms (CVSS score: 3.1).
- CVE-2025-0143: A medium-severity out-of-bounds write vulnerability in the Linux version of Zoom Workplace App (CVSS score: 4.3).
- CVE-2025-0142: A medium-severity cleartext storage of sensitive information issue in the Zoom Jenkins bot plugin (CVSS score: 4.3).
These vulnerabilities affect a wide range of Zoom products, including Zoom Workplace Apps, Zoom Rooms Clients, Zoom Meeting SDKs, and Zoom Video SDKs across Windows, macOS, Linux, iOS, and Android platforms.
Zoom has credited several security researchers for reporting these vulnerabilities, including nahamsec, sim0nsecurity, shmoul, and members of Zoom’s own Offensive Security team.
This security update is one of the most important updates released by Zoom, as with this update it promptly applied the patches.
To protect against potential exploits, users are strongly advised to update their Zoom applications to the latest versions available at https://zoom.us/download.
By addressing these vulnerabilities, Zoom demonstrates its commitment to maintaining the security and integrity of its platform for millions of users worldwide.
Apart from this, for the Zoom Jenkins bot plugin, users should update to version 1.6 or later from the Jenkins plugin repository.